//===----------------------------------------------------------------------===//
//
// This source file is part of the Soto for AWS open source project
//
// Copyright (c) 2017-2024 the Soto project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of Soto project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

// THIS FILE IS AUTOMATICALLY GENERATED by https://github.com/soto-project/soto-codegenerator.
// DO NOT EDIT.

#if canImport(FoundationEssentials)
import FoundationEssentials
#else
import Foundation
#endif
@_spi(SotoInternal) import SotoCore

extension Organizations {
    // MARK: Enums

    public enum AccessDeniedForDependencyExceptionReason: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case accessDeniedDuringCreateServiceLinkedRole = "ACCESS_DENIED_DURING_CREATE_SERVICE_LINKED_ROLE"
        public var description: String { return self.rawValue }
    }

    public enum AccountJoinedMethod: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case created = "CREATED"
        case invited = "INVITED"
        public var description: String { return self.rawValue }
    }

    public enum AccountState: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case active = "ACTIVE"
        case closed = "CLOSED"
        case pendingActivation = "PENDING_ACTIVATION"
        case pendingClosure = "PENDING_CLOSURE"
        case suspended = "SUSPENDED"
        public var description: String { return self.rawValue }
    }

    public enum AccountStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case active = "ACTIVE"
        case pendingClosure = "PENDING_CLOSURE"
        case suspended = "SUSPENDED"
        public var description: String { return self.rawValue }
    }

    public enum ActionType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case addOrganizationsServiceLinkedRole = "ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE"
        case approveAllFeatures = "APPROVE_ALL_FEATURES"
        case enableAllFeatures = "ENABLE_ALL_FEATURES"
        case inviteAccountToOrganization = "INVITE"
        public var description: String { return self.rawValue }
    }

    public enum ChildType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case account = "ACCOUNT"
        case organizationalUnit = "ORGANIZATIONAL_UNIT"
        public var description: String { return self.rawValue }
    }

    public enum ConstraintViolationExceptionReason: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case accountCannotLeaveOrganization = "ACCOUNT_CANNOT_LEAVE_ORGANIZATION"
        case accountCannotLeaveWithoutEula = "ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA"
        case accountCannotLeaveWithoutPhoneVerification = "ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION"
        case accountCreationNotComplete = "ACCOUNT_CREATION_NOT_COMPLETE"
        case accountCreationRateLimitExceeded = "ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED"
        case accountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED"
        case allFeaturesMigrationOrganizationSizeLimitExceeded = "ALL_FEATURES_MIGRATION_ORGANIZATION_SIZE_LIMIT_EXCEEDED"
        case cannotCloseManagementAccount = "CANNOT_CLOSE_MANAGEMENT_ACCOUNT"
        case cannotRegisterMasterAsDelegatedAdministrator = "CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR"
        case cannotRegisterSuspendedAccountAsDelegatedAdministrator = "CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR"
        case cannotRemoveDelegatedAdministratorFromOrg = "CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG"
        case closeAccountQuotaExceeded = "CLOSE_ACCOUNT_QUOTA_EXCEEDED"
        case closeAccountRequestsLimitExceeded = "CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED"
        case createOrganizationInBillingModeUnsupportedRegion = "CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION"
        case delegatedAdministratorExistsForThisService = "DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE"
        case emailVerificationCodeExpired = "EMAIL_VERIFICATION_CODE_EXPIRED"
        case handshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED"
        case invalidPaymentInstrument = "INVALID_PAYMENT_INSTRUMENT"
        case masterAccountAddressDoesNotMatchMarketplace = "MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE"
        case masterAccountMissingBusinessLicense = "MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE"
        case masterAccountMissingContactInfo = "MASTER_ACCOUNT_MISSING_CONTACT_INFO"
        case masterAccountNotGovcloudEnabled = "MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED"
        case masterAccountPaymentInstrumentRequired = "MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED"
        case maxDelegatedAdministratorsForServiceLimitExceeded = "MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED"
        case maxPolicyTypeAttachmentLimitExceeded = "MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED"
        case maxTagLimitExceeded = "MAX_TAG_LIMIT_EXCEEDED"
        case memberAccountPaymentInstrumentRequired = "MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED"
        case minPolicyTypeAttachmentLimitExceeded = "MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED"
        case organizationNotInAllFeaturesMode = "ORGANIZATION_NOT_IN_ALL_FEATURES_MODE"
        case ouDepthLimitExceeded = "OU_DEPTH_LIMIT_EXCEEDED"
        case ouNumberLimitExceeded = "OU_NUMBER_LIMIT_EXCEEDED"
        case policyContentLimitExceeded = "POLICY_CONTENT_LIMIT_EXCEEDED"
        case policyNumberLimitExceeded = "POLICY_NUMBER_LIMIT_EXCEEDED"
        case policyTypeEnabledForThisService = "POLICY_TYPE_ENABLED_FOR_THIS_SERVICE"
        case serviceAccessNotEnabled = "SERVICE_ACCESS_NOT_ENABLED"
        case tagPolicyViolation = "TAG_POLICY_VIOLATION"
        case waitPeriodActive = "WAIT_PERIOD_ACTIVE"
        public var description: String { return self.rawValue }
    }

    public enum CreateAccountFailureReason: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case accountLimitExceeded = "ACCOUNT_LIMIT_EXCEEDED"
        case concurrentAccountModification = "CONCURRENT_ACCOUNT_MODIFICATION"
        case emailAlreadyExists = "EMAIL_ALREADY_EXISTS"
        case failedBusinessValidation = "FAILED_BUSINESS_VALIDATION"
        case govcloudAccountAlreadyExists = "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
        case internalFailure = "INTERNAL_FAILURE"
        case invalidAddress = "INVALID_ADDRESS"
        case invalidEmail = "INVALID_EMAIL"
        case invalidIdentityForBusinessValidation = "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION"
        case invalidPaymentInstrument = "INVALID_PAYMENT_INSTRUMENT"
        case missingBusinessValidation = "MISSING_BUSINESS_VALIDATION"
        case missingPaymentInstrument = "MISSING_PAYMENT_INSTRUMENT"
        case pendingBUSINESSValidationv = "PENDING_BUSINESS_VALIDATION"
        case unknownBusinessValidation = "UNKNOWN_BUSINESS_VALIDATION"
        case updateExistingResourcePolicyWithTagsNotSupported = "UPDATE_EXISTING_RESOURCE_POLICY_WITH_TAGS_NOT_SUPPORTED"
        public var description: String { return self.rawValue }
    }

    public enum CreateAccountState: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case failed = "FAILED"
        case inProgress = "IN_PROGRESS"
        case succeeded = "SUCCEEDED"
        public var description: String { return self.rawValue }
    }

    public enum EffectivePolicyType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case aiservicesOptOutPolicy = "AISERVICES_OPT_OUT_POLICY"
        case backupPolicy = "BACKUP_POLICY"
        case chatbotPolicy = "CHATBOT_POLICY"
        case declarativePolicyEc2 = "DECLARATIVE_POLICY_EC2"
        case securityhubPolicy = "SECURITYHUB_POLICY"
        case tagPolicy = "TAG_POLICY"
        public var description: String { return self.rawValue }
    }

    public enum HandshakeConstraintViolationExceptionReason: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case accountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED"
        case alreadyInAnOrganization = "ALREADY_IN_AN_ORGANIZATION"
        case handshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED"
        case inviteDisabledDuringEnableAllFeatures = "INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES"
        case managementAccountEmailNotVerified = "MANAGEMENT_ACCOUNT_EMAIL_NOT_VERIFIED"
        case organizationAlreadyHasAllFeatures = "ORGANIZATION_ALREADY_HAS_ALL_FEATURES"
        case organizationFromDifferentSellerOfRecord = "ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD"
        case organizationIsAlreadyPendingAllFeaturesMigration = "ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION"
        case organizationMembershipChangeRateLimitExceeded = "ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED"
        case paymentInstrumentRequired = "PAYMENT_INSTRUMENT_REQUIRED"
        public var description: String { return self.rawValue }
    }

    public enum HandshakePartyType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case account = "ACCOUNT"
        case email = "EMAIL"
        case organization = "ORGANIZATION"
        public var description: String { return self.rawValue }
    }

    public enum HandshakeResourceType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case account = "ACCOUNT"
        case email = "EMAIL"
        case masterEmail = "MASTER_EMAIL"
        case masterName = "MASTER_NAME"
        case notes = "NOTES"
        case organization = "ORGANIZATION"
        case organizationFeatureSet = "ORGANIZATION_FEATURE_SET"
        case parentHandshake = "PARENT_HANDSHAKE"
        public var description: String { return self.rawValue }
    }

    public enum HandshakeState: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case accepted = "ACCEPTED"
        case canceled = "CANCELED"
        case declined = "DECLINED"
        case expired = "EXPIRED"
        case open = "OPEN"
        case requested = "REQUESTED"
        public var description: String { return self.rawValue }
    }

    public enum IAMUserAccessToBilling: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case allow = "ALLOW"
        case deny = "DENY"
        public var description: String { return self.rawValue }
    }

    public enum InvalidInputExceptionReason: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case duplicateTagKey = "DUPLICATE_TAG_KEY"
        case immutablePolicy = "IMMUTABLE_POLICY"
        case inputRequired = "INPUT_REQUIRED"
        case invalidEmailAddressTarget = "INVALID_EMAIL_ADDRESS_TARGET"
        case invalidEnum = "INVALID_ENUM"
        case invalidEnumPolicyType = "INVALID_ENUM_POLICY_TYPE"
        case invalidFullNameTarget = "INVALID_FULL_NAME_TARGET"
        case invalidListMember = "INVALID_LIST_MEMBER"
        case invalidPaginationToken = "INVALID_NEXT_TOKEN"
        case invalidPartyTypeTarget = "INVALID_PARTY_TYPE_TARGET"
        case invalidPattern = "INVALID_PATTERN"
        case invalidPatternTargetId = "INVALID_PATTERN_TARGET_ID"
        case invalidPrincipal = "INVALID_PRINCIPAL"
        case invalidResourcePolicyJson = "INVALID_RESOURCE_POLICY_JSON"
        case invalidRoleName = "INVALID_ROLE_NAME"
        case invalidSyntaxOrganization = "INVALID_SYNTAX_ORGANIZATION_ARN"
        case invalidSyntaxPolicy = "INVALID_SYNTAX_POLICY_ID"
        case invalidSystemTagsParameter = "INVALID_SYSTEM_TAGS_PARAMETER"
        case maxFilterLimitExceeded = "MAX_LIMIT_EXCEEDED_FILTER"
        case maxLengthExceeded = "MAX_LENGTH_EXCEEDED"
        case maxValueExceeded = "MAX_VALUE_EXCEEDED"
        case minLengthExceeded = "MIN_LENGTH_EXCEEDED"
        case minValueExceeded = "MIN_VALUE_EXCEEDED"
        case movingAccountBetweenDifferentRoots = "MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS"
        case nonDetachablePolicy = "NON_DETACHABLE_POLICY"
        case targetNotSupported = "TARGET_NOT_SUPPORTED"
        case unrecognizedServicePrincipal = "UNRECOGNIZED_SERVICE_PRINCIPAL"
        case unsupportedActionInResourcePolicy = "UNSUPPORTED_ACTION_IN_RESOURCE_POLICY"
        case unsupportedPolicyTypeInResourcePolicy = "UNSUPPORTED_POLICY_TYPE_IN_RESOURCE_POLICY"
        case unsupportedResourceInResourcePolicy = "UNSUPPORTED_RESOURCE_IN_RESOURCE_POLICY"
        public var description: String { return self.rawValue }
    }

    public enum OrganizationFeatureSet: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case all = "ALL"
        case consolidatedBilling = "CONSOLIDATED_BILLING"
        public var description: String { return self.rawValue }
    }

    public enum ParentType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case organizationalUnit = "ORGANIZATIONAL_UNIT"
        case root = "ROOT"
        public var description: String { return self.rawValue }
    }

    public enum PolicyType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case aiservicesOptOutPolicy = "AISERVICES_OPT_OUT_POLICY"
        case backupPolicy = "BACKUP_POLICY"
        case chatbotPolicy = "CHATBOT_POLICY"
        case declarativePolicyEc2 = "DECLARATIVE_POLICY_EC2"
        case resourceControlPolicy = "RESOURCE_CONTROL_POLICY"
        case securityhubPolicy = "SECURITYHUB_POLICY"
        case serviceControlPolicy = "SERVICE_CONTROL_POLICY"
        case tagPolicy = "TAG_POLICY"
        public var description: String { return self.rawValue }
    }

    public enum PolicyTypeStatus: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case enabled = "ENABLED"
        case pendingDisable = "PENDING_DISABLE"
        case pendingEnable = "PENDING_ENABLE"
        public var description: String { return self.rawValue }
    }

    public enum TargetType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case account = "ACCOUNT"
        case organizationalUnit = "ORGANIZATIONAL_UNIT"
        case root = "ROOT"
        public var description: String { return self.rawValue }
    }

    // MARK: Shapes

    public struct AcceptHandshakeRequest: AWSEncodableShape {
        /// The unique identifier (ID) of the handshake that you want to accept. The regex pattern for  handshake ID string requires "h-"  followed by from 8 to 32 lowercase letters or digits.
        public let handshakeId: String

        @inlinable
        public init(handshakeId: String) {
            self.handshakeId = handshakeId
        }

        public func validate(name: String) throws {
            try self.validate(self.handshakeId, name: "handshakeId", parent: name, max: 34)
            try self.validate(self.handshakeId, name: "handshakeId", parent: name, pattern: "^h-[0-9a-z]{8,32}$")
        }

        private enum CodingKeys: String, CodingKey {
            case handshakeId = "HandshakeId"
        }
    }

    public struct AcceptHandshakeResponse: AWSDecodableShape {
        /// A structure that contains details about the accepted handshake.
        public let handshake: Handshake?

        @inlinable
        public init(handshake: Handshake? = nil) {
            self.handshake = handshake
        }

        private enum CodingKeys: String, CodingKey {
            case handshake = "Handshake"
        }
    }

    public struct AccessDeniedForDependencyException: AWSErrorShape {
        public let message: String?
        public let reason: AccessDeniedForDependencyExceptionReason?

        @inlinable
        public init(message: String? = nil, reason: AccessDeniedForDependencyExceptionReason? = nil) {
            self.message = message
            self.reason = reason
        }

        private enum CodingKeys: String, CodingKey {
            case message = "Message"
            case reason = "Reason"
        }
    }

    public struct Account: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the account. For more information about ARNs in Organizations, see ARN  Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
        public let arn: String?
        /// The email address associated with the Amazon Web Services account. The regex pattern for this parameter is a string of characters that represents a standard internet email address.
        public let email: String?
        /// The unique identifier (ID) of the account. The regex pattern for an account ID string requires exactly 12 digits.
        public let id: String?
        /// The method by which the account joined the organization.
        public let joinedMethod: AccountJoinedMethod?
        /// The date the account became a part of the organization.
        public let joinedTimestamp: Date?
        /// The friendly name of the account. The regex pattern  that is used to validate this parameter is a string of any of the characters in the ASCII  character range.
        public let name: String?
        /// Each state represents a specific phase in the account lifecycle. Use this information to manage account access, automate workflows, or trigger actions based on account state changes. For more information about account states and their implications, see Monitor the state of your Amazon Web Services accounts  in the Organizations User Guide.
        public let state: AccountState?
        /// The status of the account in the organization.  The Status parameter in the Account object will be retired on September 9, 2026. Although both the account State and account Status parameters are currently available in the Organizations APIs (DescribeAccount, ListAccounts, ListAccountsForParent), we recommend that you update your scripts or other code to use the State parameter instead of Status before September 9, 2026.
        public let status: AccountStatus?

        @inlinable
        public init(arn: String? = nil, email: String? = nil, id: String? = nil, joinedMethod: AccountJoinedMethod? = nil, joinedTimestamp: Date? = nil, name: String? = nil, state: AccountState? = nil, status: AccountStatus? = nil) {
            self.arn = arn
            self.email = email
            self.id = id
            self.joinedMethod = joinedMethod
            self.joinedTimestamp = joinedTimestamp
            self.name = name
            self.state = state
            self.status = status
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case email = "Email"
            case id = "Id"
            case joinedMethod = "JoinedMethod"
            case joinedTimestamp = "JoinedTimestamp"
            case name = "Name"
            case state = "State"
            case status = "Status"
        }
    }

    public struct AttachPolicyRequest: AWSEncodableShape {
        /// The unique identifier (ID) of the policy that you want to attach to the target. You can get the ID for the policy by calling the ListPolicies operation. The regex pattern for a policy ID string requires "p-" followed  by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
        public let policyId: String
        /// The unique identifier (ID) of the root, OU, or account that you want to attach the policy to. You can get the ID by calling the ListRoots, ListOrganizationalUnitsForParent, or ListAccounts operations. The regex pattern for a target ID string requires one of the  following:    Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or  digits.    Account - A string that consists of exactly 12 digits.    Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32  lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second  "-" dash and from 8 to 32 additional lowercase letters or digits.
        public let targetId: String

        @inlinable
        public init(policyId: String, targetId: String) {
            self.policyId = policyId
            self.targetId = targetId
        }

        public func validate(name: String) throws {
            try self.validate(self.policyId, name: "policyId", parent: name, max: 130)
            try self.validate(self.policyId, name: "policyId", parent: name, pattern: "^p-[0-9a-zA-Z_]{8,128}$")
            try self.validate(self.targetId, name: "targetId", parent: name, max: 100)
            try self.validate(self.targetId, name: "targetId", parent: name, pattern: "^(r-[0-9a-z]{4,32})|(\\d{12})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyId = "PolicyId"
            case targetId = "TargetId"
        }
    }

    public struct CancelHandshakeRequest: AWSEncodableShape {
        /// The unique identifier (ID) of the handshake that you want to cancel. You can get the ID from the ListHandshakesForOrganization operation. The regex pattern for  handshake ID string requires "h-"  followed by from 8 to 32 lowercase letters or digits.
        public let handshakeId: String

        @inlinable
        public init(handshakeId: String) {
            self.handshakeId = handshakeId
        }

        public func validate(name: String) throws {
            try self.validate(self.handshakeId, name: "handshakeId", parent: name, max: 34)
            try self.validate(self.handshakeId, name: "handshakeId", parent: name, pattern: "^h-[0-9a-z]{8,32}$")
        }

        private enum CodingKeys: String, CodingKey {
            case handshakeId = "HandshakeId"
        }
    }

    public struct CancelHandshakeResponse: AWSDecodableShape {
        /// A structure that contains details about the handshake that you canceled.
        public let handshake: Handshake?

        @inlinable
        public init(handshake: Handshake? = nil) {
            self.handshake = handshake
        }

        private enum CodingKeys: String, CodingKey {
            case handshake = "Handshake"
        }
    }

    public struct Child: AWSDecodableShape {
        /// The unique identifier (ID) of this child entity. The regex pattern for a child ID string requires one of the  following:    Account - A string that consists of exactly 12 digits.    Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that  contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional  lowercase letters or digits.
        public let id: String?
        /// The type of this child entity.
        public let type: ChildType?

        @inlinable
        public init(id: String? = nil, type: ChildType? = nil) {
            self.id = id
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case id = "Id"
            case type = "Type"
        }
    }

    public struct CloseAccountRequest: AWSEncodableShape {
        /// Retrieves the Amazon Web Services account Id for the current CloseAccount API request.
        public let accountId: String

        @inlinable
        public init(accountId: String) {
            self.accountId = accountId
        }

        public func validate(name: String) throws {
            try self.validate(self.accountId, name: "accountId", parent: name, max: 12)
            try self.validate(self.accountId, name: "accountId", parent: name, pattern: "^\\d{12}$")
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "AccountId"
        }
    }

    public struct ConstraintViolationException: AWSErrorShape {
        public let message: String?
        public let reason: ConstraintViolationExceptionReason?

        @inlinable
        public init(message: String? = nil, reason: ConstraintViolationExceptionReason? = nil) {
            self.message = message
            self.reason = reason
        }

        private enum CodingKeys: String, CodingKey {
            case message = "Message"
            case reason = "Reason"
        }
    }

    public struct CreateAccountRequest: AWSEncodableShape {
        /// The friendly name of the member account.
        public let accountName: String
        /// The email address of the owner to assign to the new member account. This email address must not already be associated with another Amazon Web Services account. You must use a valid email address to complete account creation. The rules for a valid email address:   The address must be a minimum of 6 and a maximum of 64 characters long.   All characters must be 7-bit ASCII characters.   There must be one and only one @ symbol, which separates the local name from the domain name.   The local name can't contain any of the following characters: whitespace, " ' ( )  [ ] : ; , \ | % &   The local name can't begin with a dot (.)   The domain name can consist of only the characters [a-z],[A-Z],[0-9], hyphen (-), or dot (.)   The domain name can't begin or end with a hyphen (-) or dot (.)   The domain name must contain at least one dot   You can't access the root user of the account or remove an account that was created with an invalid email address.
        public let email: String
        /// If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, only the root user of the new account can access account billing information. For more information, see About IAM access to the Billing and Cost Management console in the Amazon Web Services Billing and Cost Management User Guide. If you don't specify this parameter, the value defaults to ALLOW, and IAM users and roles with the required permissions can access billing information for the new account.
        public let iamUserAccessToBilling: IAMUserAccessToBilling?
        /// The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the management account, allowing users in the management account to assume the role, as permitted by the management account administrator. The role has administrator permissions in the new member account. If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole. For more information about how to use this role to access the member account, see the following links:    Creating the OrganizationAccountAccessRole in an invited member account in the Organizations User Guide    Steps 2 and 3 in IAM Tutorial: Delegate access across Amazon Web Services accounts using IAM roles in the IAM User Guide    The regex pattern that  is used to validate this parameter. The pattern can include uppercase  letters, lowercase letters, digits with no spaces, and any of the following characters: =,.@-
        public let roleName: String?
        /// A list of tags that you want to attach to the newly created account. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null. For more information about tagging, see Tagging Organizations resources in the Organizations User Guide.  If any one of the tags is not valid or if you exceed the maximum allowed number of tags for an account, then the entire request fails and the account is not created.
        public let tags: [Tag]?

        @inlinable
        public init(accountName: String, email: String, iamUserAccessToBilling: IAMUserAccessToBilling? = nil, roleName: String? = nil, tags: [Tag]? = nil) {
            self.accountName = accountName
            self.email = email
            self.iamUserAccessToBilling = iamUserAccessToBilling
            self.roleName = roleName
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.accountName, name: "accountName", parent: name, max: 50)
            try self.validate(self.accountName, name: "accountName", parent: name, min: 1)
            try self.validate(self.accountName, name: "accountName", parent: name, pattern: "^[\\u0020-\\u007E]+$")
            try self.validate(self.email, name: "email", parent: name, max: 64)
            try self.validate(self.email, name: "email", parent: name, min: 6)
            try self.validate(self.email, name: "email", parent: name, pattern: "^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$")
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]{1,64}$")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case accountName = "AccountName"
            case email = "Email"
            case iamUserAccessToBilling = "IamUserAccessToBilling"
            case roleName = "RoleName"
            case tags = "Tags"
        }
    }

    public struct CreateAccountResponse: AWSDecodableShape {
        /// A structure that contains details about the request to create an account. This response structure might not be fully populated when you first receive it because account creation is an asynchronous process. You can pass the returned CreateAccountStatus ID as a parameter to DescribeCreateAccountStatus to get status about the progress of the request at later times. You can also check the CloudTrail log for the CreateAccountResult event. For more information, see Logging and monitoring in Organizations in the Organizations User Guide.
        public let createAccountStatus: CreateAccountStatus?

        @inlinable
        public init(createAccountStatus: CreateAccountStatus? = nil) {
            self.createAccountStatus = createAccountStatus
        }

        private enum CodingKeys: String, CodingKey {
            case createAccountStatus = "CreateAccountStatus"
        }
    }

    public struct CreateAccountStatus: AWSDecodableShape {
        /// If the account was created successfully, the unique identifier (ID) of the new account. The regex pattern for an account ID string requires exactly 12 digits.
        public let accountId: String?
        /// The account name given to the account when it was created.
        public let accountName: String?
        /// The date and time that the account was created and the request completed.
        public let completedTimestamp: Date?
        /// If the request failed, a description of the reason for the failure.   ACCOUNT_LIMIT_EXCEEDED: The account couldn't be created because you reached the limit on the number of accounts in your organization.   CONCURRENT_ACCOUNT_MODIFICATION: You already submitted a request with the same information.   EMAIL_ALREADY_EXISTS: The account could not be created because another Amazon Web Services account with that email address already exists.   FAILED_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization failed to receive business license validation.   GOVCLOUD_ACCOUNT_ALREADY_EXISTS: The account in the Amazon Web Services GovCloud (US) Region could not be created because this Region already includes an account with that email address.   IDENTITY_INVALID_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization can't complete business license validation because it doesn't have valid identity data.   INVALID_ADDRESS: The account could not be created because the address you provided is not valid.   INVALID_EMAIL: The account could not be created because the email address you provided is not valid.   INVALID_PAYMENT_INSTRUMENT: The Amazon Web Services account that owns your organization does not have a supported payment method associated with the account. Amazon Web Services does not support cards issued by financial institutions in Russia or Belarus. For more information, see Managing your Amazon Web Services payments.   INTERNAL_FAILURE: The account could not be created because of an internal failure. Try again later. If the problem persists, contact Amazon Web Services Customer Support.   MISSING_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization has not received Business Validation.   MISSING_PAYMENT_INSTRUMENT: You must configure the management account with a valid payment method, such as a credit card.   PENDING_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization is still in the process of completing business license validation.   UNKNOWN_BUSINESS_VALIDATION: The Amazon Web Services account that owns your organization has an unknown issue with business license validation.
        public let failureReason: CreateAccountFailureReason?
        /// If the account was created successfully, the unique identifier (ID) of the new account in the Amazon Web Services GovCloud (US) Region.
        public let govCloudAccountId: String?
        /// The unique identifier (ID) that references this request. You get this value from the response of the initial CreateAccount request to create the account. The regex pattern for a create account request ID string  requires "car-" followed by from 8 to 32 lowercase letters or digits.
        public let id: String?
        /// The date and time that the request was made for the account creation.
        public let requestedTimestamp: Date?
        /// The status of the asynchronous request to create an Amazon Web Services account.
        public let state: CreateAccountState?

        @inlinable
        public init(accountId: String? = nil, accountName: String? = nil, completedTimestamp: Date? = nil, failureReason: CreateAccountFailureReason? = nil, govCloudAccountId: String? = nil, id: String? = nil, requestedTimestamp: Date? = nil, state: CreateAccountState? = nil) {
            self.accountId = accountId
            self.accountName = accountName
            self.completedTimestamp = completedTimestamp
            self.failureReason = failureReason
            self.govCloudAccountId = govCloudAccountId
            self.id = id
            self.requestedTimestamp = requestedTimestamp
            self.state = state
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "AccountId"
            case accountName = "AccountName"
            case completedTimestamp = "CompletedTimestamp"
            case failureReason = "FailureReason"
            case govCloudAccountId = "GovCloudAccountId"
            case id = "Id"
            case requestedTimestamp = "RequestedTimestamp"
            case state = "State"
        }
    }

    public struct CreateGovCloudAccountRequest: AWSEncodableShape {
        /// The friendly name of the member account.  The account name can consist of only the characters [a-z],[A-Z],[0-9], hyphen (-), or dot (.) You can't separate characters with a dash (–).
        public let accountName: String
        /// Specifies the email address of the owner to assign to the new member account in the commercial Region. This email address must not already be associated with another Amazon Web Services account. You must use a valid email address to complete account creation. The rules for a valid email address:   The address must be a minimum of 6 and a maximum of 64 characters long.   All characters must be 7-bit ASCII characters.   There must be one and only one @ symbol, which separates the local name from the domain name.   The local name can't contain any of the following characters: whitespace, " ' ( )  [ ] : ; , \ | % &   The local name can't begin with a dot (.)   The domain name can consist of only the characters [a-z],[A-Z],[0-9], hyphen (-), or dot (.)   The domain name can't begin or end with a hyphen (-) or dot (.)   The domain name must contain at least one dot   You can't access the root user of the account or remove an account that was created with an invalid email address. Like all request parameters for CreateGovCloudAccount, the request for the email address for the Amazon Web Services GovCloud (US) account originates from the commercial Region, not from the Amazon Web Services GovCloud (US) Region.
        public let email: String
        /// If set to ALLOW, the new linked account in the commercial Region enables IAM users to access account billing information if they have the required permissions. If set to DENY, only the root user of the new account can access account billing information. For more information, see About IAM access to the Billing and Cost Management console in the Amazon Web Services Billing and Cost Management User Guide. If you don't specify this parameter, the value defaults to ALLOW, and IAM users and roles with the required permissions can access billing information for the new account.
        public let iamUserAccessToBilling: IAMUserAccessToBilling?
        /// (Optional) The name of an IAM role that Organizations automatically preconfigures in the new member accounts in both the Amazon Web Services GovCloud (US) Region and in the commercial Region. This role trusts the management account, allowing users in the management account to assume the role, as permitted by the management account administrator. The role has administrator permissions in the new member account. If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole. For more information about how to use this role to access the member account, see the following links:    Creating the OrganizationAccountAccessRole in an invited member account in the Organizations User Guide    Steps 2 and 3 in IAM Tutorial: Delegate access across Amazon Web Services accounts using IAM roles in the IAM User Guide    The regex pattern that  is used to validate this parameter. The pattern can include uppercase  letters, lowercase letters, digits with no spaces, and any of the following characters: =,.@-
        public let roleName: String?
        /// A list of tags that you want to attach to the newly created account. These tags are attached to the commercial account associated with the GovCloud account, and not to the GovCloud account itself. To add tags to the actual GovCloud account, call the TagResource operation in the GovCloud region after the new GovCloud account exists. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null. For more information about tagging, see Tagging Organizations resources in the Organizations User Guide.  If any one of the tags is not valid or if you exceed the maximum allowed number of tags for an account, then the entire request fails and the account is not created.
        public let tags: [Tag]?

        @inlinable
        public init(accountName: String, email: String, iamUserAccessToBilling: IAMUserAccessToBilling? = nil, roleName: String? = nil, tags: [Tag]? = nil) {
            self.accountName = accountName
            self.email = email
            self.iamUserAccessToBilling = iamUserAccessToBilling
            self.roleName = roleName
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.accountName, name: "accountName", parent: name, max: 50)
            try self.validate(self.accountName, name: "accountName", parent: name, min: 1)
            try self.validate(self.accountName, name: "accountName", parent: name, pattern: "^[\\u0020-\\u007E]+$")
            try self.validate(self.email, name: "email", parent: name, max: 64)
            try self.validate(self.email, name: "email", parent: name, min: 6)
            try self.validate(self.email, name: "email", parent: name, pattern: "^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$")
            try self.validate(self.roleName, name: "roleName", parent: name, max: 64)
            try self.validate(self.roleName, name: "roleName", parent: name, pattern: "^[\\w+=,.@-]{1,64}$")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case accountName = "AccountName"
            case email = "Email"
            case iamUserAccessToBilling = "IamUserAccessToBilling"
            case roleName = "RoleName"
            case tags = "Tags"
        }
    }

    public struct CreateGovCloudAccountResponse: AWSDecodableShape {
        public let createAccountStatus: CreateAccountStatus?

        @inlinable
        public init(createAccountStatus: CreateAccountStatus? = nil) {
            self.createAccountStatus = createAccountStatus
        }

        private enum CodingKeys: String, CodingKey {
            case createAccountStatus = "CreateAccountStatus"
        }
    }

    public struct CreateOrganizationRequest: AWSEncodableShape {
        /// Specifies the feature set supported by the new organization. Each feature set supports different levels of functionality.    CONSOLIDATED_BILLING: All member accounts have their bills consolidated to and paid by the management account. For more information, see Consolidated billing in the Organizations User Guide. The consolidated billing feature subset isn't available for organizations in the Amazon Web Services GovCloud (US) Region.    ALL: In addition to all the features supported by the consolidated billing feature set, the management account can also apply any policy type to any member account in the organization. For more information, see All features in the Organizations User Guide.
        public let featureSet: OrganizationFeatureSet?

        @inlinable
        public init(featureSet: OrganizationFeatureSet? = nil) {
            self.featureSet = featureSet
        }

        private enum CodingKeys: String, CodingKey {
            case featureSet = "FeatureSet"
        }
    }

    public struct CreateOrganizationResponse: AWSDecodableShape {
        /// A structure that contains details about the newly created organization.
        public let organization: Organization?

        @inlinable
        public init(organization: Organization? = nil) {
            self.organization = organization
        }

        private enum CodingKeys: String, CodingKey {
            case organization = "Organization"
        }
    }

    public struct CreateOrganizationalUnitRequest: AWSEncodableShape {
        /// The friendly name to assign to the new OU.
        public let name: String
        /// The unique identifier (ID) of the parent root or OU that you want to create the new OU in. The regex pattern for a parent ID string requires one of the  following:    Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or  digits.    Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second  "-" dash and from 8 to 32 additional lowercase letters or digits.
        public let parentId: String
        /// A list of tags that you want to attach to the newly created OU. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null. For more information about tagging, see Tagging Organizations resources in the Organizations User Guide.  If any one of the tags is not valid or if you exceed the allowed number of tags for an OU, then the entire request fails and the OU is not created.
        public let tags: [Tag]?

        @inlinable
        public init(name: String, parentId: String, tags: [Tag]? = nil) {
            self.name = name
            self.parentId = parentId
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.name, name: "name", parent: name, max: 128)
            try self.validate(self.name, name: "name", parent: name, min: 1)
            try self.validate(self.name, name: "name", parent: name, pattern: "^[\\s\\S]*$")
            try self.validate(self.parentId, name: "parentId", parent: name, max: 100)
            try self.validate(self.parentId, name: "parentId", parent: name, pattern: "^(r-[0-9a-z]{4,32})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case name = "Name"
            case parentId = "ParentId"
            case tags = "Tags"
        }
    }

    public struct CreateOrganizationalUnitResponse: AWSDecodableShape {
        /// A structure that contains details about the newly created OU.
        public let organizationalUnit: OrganizationalUnit?

        @inlinable
        public init(organizationalUnit: OrganizationalUnit? = nil) {
            self.organizationalUnit = organizationalUnit
        }

        private enum CodingKeys: String, CodingKey {
            case organizationalUnit = "OrganizationalUnit"
        }
    }

    public struct CreatePolicyRequest: AWSEncodableShape {
        /// The policy text content to add to the new policy. The text that you supply must adhere to the rules of the policy type you specify in the Type parameter.  The maximum size of a policy document depends on the policy's type. For more information, see Maximum and minimum values in the Organizations User Guide.
        public let content: String
        /// An optional description to assign to the policy.
        public let description: String
        /// The friendly name to assign to the policy. The regex pattern  that is used to validate this parameter is a string of any of the characters in the ASCII  character range.
        public let name: String
        /// A list of tags that you want to attach to the newly created policy. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null. For more information about tagging, see Tagging Organizations resources in the Organizations User Guide.  If any one of the tags is not valid or if you exceed the allowed number of tags for a policy, then the entire request fails and the policy is not created.
        public let tags: [Tag]?
        /// The type of policy to create. You can specify one of the following values:    SERVICE_CONTROL_POLICY     RESOURCE_CONTROL_POLICY     DECLARATIVE_POLICY_EC2     BACKUP_POLICY     TAG_POLICY     CHATBOT_POLICY     AISERVICES_OPT_OUT_POLICY     SECURITYHUB_POLICY
        public let type: PolicyType

        @inlinable
        public init(content: String, description: String, name: String, tags: [Tag]? = nil, type: PolicyType) {
            self.content = content
            self.description = description
            self.name = name
            self.tags = tags
            self.type = type
        }

        public func validate(name: String) throws {
            try self.validate(self.content, name: "content", parent: name, min: 1)
            try self.validate(self.content, name: "content", parent: name, pattern: "^[\\s\\S]*$")
            try self.validate(self.description, name: "description", parent: name, max: 512)
            try self.validate(self.description, name: "description", parent: name, pattern: "^[\\s\\S]*$")
            try self.validate(self.name, name: "name", parent: name, max: 128)
            try self.validate(self.name, name: "name", parent: name, min: 1)
            try self.validate(self.name, name: "name", parent: name, pattern: "^[\\s\\S]*$")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case content = "Content"
            case description = "Description"
            case name = "Name"
            case tags = "Tags"
            case type = "Type"
        }
    }

    public struct CreatePolicyResponse: AWSDecodableShape {
        /// A structure that contains details about the newly created policy.
        public let policy: Policy?

        @inlinable
        public init(policy: Policy? = nil) {
            self.policy = policy
        }

        private enum CodingKeys: String, CodingKey {
            case policy = "Policy"
        }
    }

    public struct DeclineHandshakeRequest: AWSEncodableShape {
        /// The unique identifier (ID) of the handshake that you want to decline. You can get the ID from the ListHandshakesForAccount operation. The regex pattern for  handshake ID string requires "h-"  followed by from 8 to 32 lowercase letters or digits.
        public let handshakeId: String

        @inlinable
        public init(handshakeId: String) {
            self.handshakeId = handshakeId
        }

        public func validate(name: String) throws {
            try self.validate(self.handshakeId, name: "handshakeId", parent: name, max: 34)
            try self.validate(self.handshakeId, name: "handshakeId", parent: name, pattern: "^h-[0-9a-z]{8,32}$")
        }

        private enum CodingKeys: String, CodingKey {
            case handshakeId = "HandshakeId"
        }
    }

    public struct DeclineHandshakeResponse: AWSDecodableShape {
        /// A structure that contains details about the declined handshake. The state is updated to show the value DECLINED.
        public let handshake: Handshake?

        @inlinable
        public init(handshake: Handshake? = nil) {
            self.handshake = handshake
        }

        private enum CodingKeys: String, CodingKey {
            case handshake = "Handshake"
        }
    }

    public struct DelegatedAdministrator: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the delegated administrator's account.
        public let arn: String?
        /// The date when the account was made a delegated administrator.
        public let delegationEnabledDate: Date?
        /// The email address that is associated with the delegated administrator's Amazon Web Services account.
        public let email: String?
        /// The unique identifier (ID) of the delegated administrator's account.
        public let id: String?
        /// The method by which the delegated administrator's account joined the organization.
        public let joinedMethod: AccountJoinedMethod?
        /// The date when the delegated administrator's account became a part of the organization.
        public let joinedTimestamp: Date?
        /// The friendly name of the delegated administrator's account.
        public let name: String?
        /// The status of the delegated administrator's account in the organization.
        public let status: AccountStatus?

        @inlinable
        public init(arn: String? = nil, delegationEnabledDate: Date? = nil, email: String? = nil, id: String? = nil, joinedMethod: AccountJoinedMethod? = nil, joinedTimestamp: Date? = nil, name: String? = nil, status: AccountStatus? = nil) {
            self.arn = arn
            self.delegationEnabledDate = delegationEnabledDate
            self.email = email
            self.id = id
            self.joinedMethod = joinedMethod
            self.joinedTimestamp = joinedTimestamp
            self.name = name
            self.status = status
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case delegationEnabledDate = "DelegationEnabledDate"
            case email = "Email"
            case id = "Id"
            case joinedMethod = "JoinedMethod"
            case joinedTimestamp = "JoinedTimestamp"
            case name = "Name"
            case status = "Status"
        }
    }

    public struct DelegatedService: AWSDecodableShape {
        /// The date that the account became a delegated administrator for this service.
        public let delegationEnabledDate: Date?
        /// The name of an Amazon Web Services service that can request an operation for the specified service. This is typically in the form of a URL, such as:  servicename.amazonaws.com.
        public let servicePrincipal: String?

        @inlinable
        public init(delegationEnabledDate: Date? = nil, servicePrincipal: String? = nil) {
            self.delegationEnabledDate = delegationEnabledDate
            self.servicePrincipal = servicePrincipal
        }

        private enum CodingKeys: String, CodingKey {
            case delegationEnabledDate = "DelegationEnabledDate"
            case servicePrincipal = "ServicePrincipal"
        }
    }

    public struct DeleteOrganizationalUnitRequest: AWSEncodableShape {
        /// The unique identifier (ID) of the organizational unit that you want to delete. You can get the ID from the ListOrganizationalUnitsForParent operation. The regex pattern for an organizational unit ID string requires  "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the  OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters  or digits.
        public let organizationalUnitId: String

        @inlinable
        public init(organizationalUnitId: String) {
            self.organizationalUnitId = organizationalUnitId
        }

        public func validate(name: String) throws {
            try self.validate(self.organizationalUnitId, name: "organizationalUnitId", parent: name, max: 68)
            try self.validate(self.organizationalUnitId, name: "organizationalUnitId", parent: name, pattern: "^ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}$")
        }

        private enum CodingKeys: String, CodingKey {
            case organizationalUnitId = "OrganizationalUnitId"
        }
    }

    public struct DeletePolicyRequest: AWSEncodableShape {
        /// The unique identifier (ID) of the policy that you want to delete. You can get the ID from the ListPolicies or ListPoliciesForTarget operations. The regex pattern for a policy ID string requires "p-" followed  by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
        public let policyId: String

        @inlinable
        public init(policyId: String) {
            self.policyId = policyId
        }

        public func validate(name: String) throws {
            try self.validate(self.policyId, name: "policyId", parent: name, max: 130)
            try self.validate(self.policyId, name: "policyId", parent: name, pattern: "^p-[0-9a-zA-Z_]{8,128}$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyId = "PolicyId"
        }
    }

    public struct DeregisterDelegatedAdministratorRequest: AWSEncodableShape {
        /// The account ID number of the member account in the organization that you want to deregister as a delegated administrator.
        public let accountId: String
        /// The service principal name of an Amazon Web Services service for which the account is a delegated administrator. Delegated administrator privileges are revoked for only the specified Amazon Web Services service from the member account. If the specified service is the only service for which the member account is a delegated administrator, the operation also revokes Organizations read action permissions.
        public let servicePrincipal: String

        @inlinable
        public init(accountId: String, servicePrincipal: String) {
            self.accountId = accountId
            self.servicePrincipal = servicePrincipal
        }

        public func validate(name: String) throws {
            try self.validate(self.accountId, name: "accountId", parent: name, max: 12)
            try self.validate(self.accountId, name: "accountId", parent: name, pattern: "^\\d{12}$")
            try self.validate(self.servicePrincipal, name: "servicePrincipal", parent: name, max: 128)
            try self.validate(self.servicePrincipal, name: "servicePrincipal", parent: name, min: 1)
            try self.validate(self.servicePrincipal, name: "servicePrincipal", parent: name, pattern: "^[\\w+=,.@-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "AccountId"
            case servicePrincipal = "ServicePrincipal"
        }
    }

    public struct DescribeAccountRequest: AWSEncodableShape {
        /// The unique identifier (ID) of the Amazon Web Services account that you want information about. You can get the ID from the ListAccounts or ListAccountsForParent operations. The regex pattern for an account ID string requires exactly 12 digits.
        public let accountId: String

        @inlinable
        public init(accountId: String) {
            self.accountId = accountId
        }

        public func validate(name: String) throws {
            try self.validate(self.accountId, name: "accountId", parent: name, max: 12)
            try self.validate(self.accountId, name: "accountId", parent: name, pattern: "^\\d{12}$")
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "AccountId"
        }
    }

    public struct DescribeAccountResponse: AWSDecodableShape {
        /// A structure that contains information about the requested account.  The Status parameter in the API response will be retired on September 9, 2026. Although both the account State and account Status parameters are currently available in the Organizations APIs (DescribeAccount, ListAccounts, ListAccountsForParent), we recommend that you update your scripts or other code to use the State parameter instead of Status before September 9, 2026.
        public let account: Account?

        @inlinable
        public init(account: Account? = nil) {
            self.account = account
        }

        private enum CodingKeys: String, CodingKey {
            case account = "Account"
        }
    }

    public struct DescribeCreateAccountStatusRequest: AWSEncodableShape {
        /// Specifies the Id value that uniquely identifies the CreateAccount request. You can get the value from the CreateAccountStatus.Id response in an earlier CreateAccount request, or from the ListCreateAccountStatus operation. The regex pattern for a create account request ID string  requires "car-" followed by from 8 to 32 lowercase letters or digits.
        public let createAccountRequestId: String

        @inlinable
        public init(createAccountRequestId: String) {
            self.createAccountRequestId = createAccountRequestId
        }

        public func validate(name: String) throws {
            try self.validate(self.createAccountRequestId, name: "createAccountRequestId", parent: name, max: 36)
            try self.validate(self.createAccountRequestId, name: "createAccountRequestId", parent: name, pattern: "^car-[a-z0-9]{8,32}$")
        }

        private enum CodingKeys: String, CodingKey {
            case createAccountRequestId = "CreateAccountRequestId"
        }
    }

    public struct DescribeCreateAccountStatusResponse: AWSDecodableShape {
        /// A structure that contains the current status of an account creation request.
        public let createAccountStatus: CreateAccountStatus?

        @inlinable
        public init(createAccountStatus: CreateAccountStatus? = nil) {
            self.createAccountStatus = createAccountStatus
        }

        private enum CodingKeys: String, CodingKey {
            case createAccountStatus = "CreateAccountStatus"
        }
    }

    public struct DescribeEffectivePolicyRequest: AWSEncodableShape {
        /// The type of policy that you want information about. You can specify one of the following values:    DECLARATIVE_POLICY_EC2     BACKUP_POLICY     TAG_POLICY     CHATBOT_POLICY     AISERVICES_OPT_OUT_POLICY     SECURITYHUB_POLICY
        public let policyType: EffectivePolicyType
        /// When you're signed in as the management account, specify the ID of the account that you want details about. Specifying an organization root or organizational unit (OU) as the target is not supported.
        public let targetId: String?

        @inlinable
        public init(policyType: EffectivePolicyType, targetId: String? = nil) {
            self.policyType = policyType
            self.targetId = targetId
        }

        public func validate(name: String) throws {
            try self.validate(self.targetId, name: "targetId", parent: name, max: 100)
            try self.validate(self.targetId, name: "targetId", parent: name, pattern: "^(r-[0-9a-z]{4,32})|(\\d{12})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyType = "PolicyType"
            case targetId = "TargetId"
        }
    }

    public struct DescribeEffectivePolicyResponse: AWSDecodableShape {
        /// The contents of the effective policy.
        public let effectivePolicy: EffectivePolicy?

        @inlinable
        public init(effectivePolicy: EffectivePolicy? = nil) {
            self.effectivePolicy = effectivePolicy
        }

        private enum CodingKeys: String, CodingKey {
            case effectivePolicy = "EffectivePolicy"
        }
    }

    public struct DescribeHandshakeRequest: AWSEncodableShape {
        /// The unique identifier (ID) of the handshake that you want information about. You can get the ID from the original call to InviteAccountToOrganization, or from a call to ListHandshakesForAccount or ListHandshakesForOrganization. The regex pattern for  handshake ID string requires "h-"  followed by from 8 to 32 lowercase letters or digits.
        public let handshakeId: String

        @inlinable
        public init(handshakeId: String) {
            self.handshakeId = handshakeId
        }

        public func validate(name: String) throws {
            try self.validate(self.handshakeId, name: "handshakeId", parent: name, max: 34)
            try self.validate(self.handshakeId, name: "handshakeId", parent: name, pattern: "^h-[0-9a-z]{8,32}$")
        }

        private enum CodingKeys: String, CodingKey {
            case handshakeId = "HandshakeId"
        }
    }

    public struct DescribeHandshakeResponse: AWSDecodableShape {
        /// A structure that contains information about the specified handshake.
        public let handshake: Handshake?

        @inlinable
        public init(handshake: Handshake? = nil) {
            self.handshake = handshake
        }

        private enum CodingKeys: String, CodingKey {
            case handshake = "Handshake"
        }
    }

    public struct DescribeOrganizationResponse: AWSDecodableShape {
        /// A structure that contains information about the organization.  The AvailablePolicyTypes part of the response is deprecated, and you shouldn't use it in your apps. It doesn't include any policy type supported by Organizations other than SCPs. In the China (Ningxia) Region, no policy type is included. To determine which policy types are enabled in your organization, use the  ListRoots operation.
        public let organization: Organization?

        @inlinable
        public init(organization: Organization? = nil) {
            self.organization = organization
        }

        private enum CodingKeys: String, CodingKey {
            case organization = "Organization"
        }
    }

    public struct DescribeOrganizationalUnitRequest: AWSEncodableShape {
        /// The unique identifier (ID) of the organizational unit that you want details about. You can get the ID from the ListOrganizationalUnitsForParent operation. The regex pattern for an organizational unit ID string requires  "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the  OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters  or digits.
        public let organizationalUnitId: String

        @inlinable
        public init(organizationalUnitId: String) {
            self.organizationalUnitId = organizationalUnitId
        }

        public func validate(name: String) throws {
            try self.validate(self.organizationalUnitId, name: "organizationalUnitId", parent: name, max: 68)
            try self.validate(self.organizationalUnitId, name: "organizationalUnitId", parent: name, pattern: "^ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}$")
        }

        private enum CodingKeys: String, CodingKey {
            case organizationalUnitId = "OrganizationalUnitId"
        }
    }

    public struct DescribeOrganizationalUnitResponse: AWSDecodableShape {
        /// A structure that contains details about the specified OU.
        public let organizationalUnit: OrganizationalUnit?

        @inlinable
        public init(organizationalUnit: OrganizationalUnit? = nil) {
            self.organizationalUnit = organizationalUnit
        }

        private enum CodingKeys: String, CodingKey {
            case organizationalUnit = "OrganizationalUnit"
        }
    }

    public struct DescribePolicyRequest: AWSEncodableShape {
        /// The unique identifier (ID) of the policy that you want details about. You can get the ID from the ListPolicies or ListPoliciesForTarget operations. The regex pattern for a policy ID string requires "p-" followed  by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
        public let policyId: String

        @inlinable
        public init(policyId: String) {
            self.policyId = policyId
        }

        public func validate(name: String) throws {
            try self.validate(self.policyId, name: "policyId", parent: name, max: 130)
            try self.validate(self.policyId, name: "policyId", parent: name, pattern: "^p-[0-9a-zA-Z_]{8,128}$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyId = "PolicyId"
        }
    }

    public struct DescribePolicyResponse: AWSDecodableShape {
        /// A structure that contains details about the specified policy.
        public let policy: Policy?

        @inlinable
        public init(policy: Policy? = nil) {
            self.policy = policy
        }

        private enum CodingKeys: String, CodingKey {
            case policy = "Policy"
        }
    }

    public struct DescribeResourcePolicyResponse: AWSDecodableShape {
        /// A structure that contains details about the resource policy.
        public let resourcePolicy: ResourcePolicy?

        @inlinable
        public init(resourcePolicy: ResourcePolicy? = nil) {
            self.resourcePolicy = resourcePolicy
        }

        private enum CodingKeys: String, CodingKey {
            case resourcePolicy = "ResourcePolicy"
        }
    }

    public struct DetachPolicyRequest: AWSEncodableShape {
        /// The unique identifier (ID) of the policy you want to detach. You can get the ID from the ListPolicies or ListPoliciesForTarget operations. The regex pattern for a policy ID string requires "p-" followed  by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
        public let policyId: String
        /// The unique identifier (ID) of the root, OU, or account that you want to detach the policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent, or ListAccounts operations. The regex pattern for a target ID string requires one of the  following:    Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or  digits.    Account - A string that consists of exactly 12 digits.    Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32  lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second  "-" dash and from 8 to 32 additional lowercase letters or digits.
        public let targetId: String

        @inlinable
        public init(policyId: String, targetId: String) {
            self.policyId = policyId
            self.targetId = targetId
        }

        public func validate(name: String) throws {
            try self.validate(self.policyId, name: "policyId", parent: name, max: 130)
            try self.validate(self.policyId, name: "policyId", parent: name, pattern: "^p-[0-9a-zA-Z_]{8,128}$")
            try self.validate(self.targetId, name: "targetId", parent: name, max: 100)
            try self.validate(self.targetId, name: "targetId", parent: name, pattern: "^(r-[0-9a-z]{4,32})|(\\d{12})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyId = "PolicyId"
            case targetId = "TargetId"
        }
    }

    public struct DisableAWSServiceAccessRequest: AWSEncodableShape {
        /// The service principal name of the Amazon Web Services service for which you want to disable integration with your organization. This is typically in the form of a URL, such as  service-abbreviation.amazonaws.com.
        public let servicePrincipal: String

        @inlinable
        public init(servicePrincipal: String) {
            self.servicePrincipal = servicePrincipal
        }

        public func validate(name: String) throws {
            try self.validate(self.servicePrincipal, name: "servicePrincipal", parent: name, max: 128)
            try self.validate(self.servicePrincipal, name: "servicePrincipal", parent: name, min: 1)
            try self.validate(self.servicePrincipal, name: "servicePrincipal", parent: name, pattern: "^[\\w+=,.@-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case servicePrincipal = "ServicePrincipal"
        }
    }

    public struct DisablePolicyTypeRequest: AWSEncodableShape {
        /// The policy type that you want to disable in this root. You can specify one of the following values:    SERVICE_CONTROL_POLICY     RESOURCE_CONTROL_POLICY     DECLARATIVE_POLICY_EC2     BACKUP_POLICY     TAG_POLICY     CHATBOT_POLICY     AISERVICES_OPT_OUT_POLICY     SECURITYHUB_POLICY
        public let policyType: PolicyType
        /// The unique identifier (ID) of the root in which you want to disable a policy type. You can get the ID from the ListRoots operation. The regex pattern for a root ID string requires "r-" followed by  from 4 to 32 lowercase letters or digits.
        public let rootId: String

        @inlinable
        public init(policyType: PolicyType, rootId: String) {
            self.policyType = policyType
            self.rootId = rootId
        }

        public func validate(name: String) throws {
            try self.validate(self.rootId, name: "rootId", parent: name, max: 34)
            try self.validate(self.rootId, name: "rootId", parent: name, pattern: "^r-[0-9a-z]{4,32}$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyType = "PolicyType"
            case rootId = "RootId"
        }
    }

    public struct DisablePolicyTypeResponse: AWSDecodableShape {
        /// A structure that shows the root with the updated list of enabled policy types.
        public let root: Root?

        @inlinable
        public init(root: Root? = nil) {
            self.root = root
        }

        private enum CodingKeys: String, CodingKey {
            case root = "Root"
        }
    }

    public struct EffectivePolicy: AWSDecodableShape {
        /// The time of the last update to this policy.
        public let lastUpdatedTimestamp: Date?
        /// The text content of the policy.
        public let policyContent: String?
        /// The policy type.
        public let policyType: EffectivePolicyType?
        /// The account ID of the policy target.
        public let targetId: String?

        @inlinable
        public init(lastUpdatedTimestamp: Date? = nil, policyContent: String? = nil, policyType: EffectivePolicyType? = nil, targetId: String? = nil) {
            self.lastUpdatedTimestamp = lastUpdatedTimestamp
            self.policyContent = policyContent
            self.policyType = policyType
            self.targetId = targetId
        }

        private enum CodingKeys: String, CodingKey {
            case lastUpdatedTimestamp = "LastUpdatedTimestamp"
            case policyContent = "PolicyContent"
            case policyType = "PolicyType"
            case targetId = "TargetId"
        }
    }

    public struct EffectivePolicyValidationError: AWSDecodableShape {
        /// The individual policies inherited and attached to the account which contributed to the validation error.
        public let contributingPolicies: [String]?
        /// The error code for the validation error. For example, ELEMENTS_TOO_MANY.
        public let errorCode: String?
        /// The error message for the validation error.
        public let errorMessage: String?
        /// The path within the effective policy where the validation error occurred.
        public let pathToError: String?

        @inlinable
        public init(contributingPolicies: [String]? = nil, errorCode: String? = nil, errorMessage: String? = nil, pathToError: String? = nil) {
            self.contributingPolicies = contributingPolicies
            self.errorCode = errorCode
            self.errorMessage = errorMessage
            self.pathToError = pathToError
        }

        private enum CodingKeys: String, CodingKey {
            case contributingPolicies = "ContributingPolicies"
            case errorCode = "ErrorCode"
            case errorMessage = "ErrorMessage"
            case pathToError = "PathToError"
        }
    }

    public struct EnableAWSServiceAccessRequest: AWSEncodableShape {
        /// The service principal name of the Amazon Web Services service for which you want to enable integration with your organization. This is typically in the form of a URL, such as  service-abbreviation.amazonaws.com.
        public let servicePrincipal: String

        @inlinable
        public init(servicePrincipal: String) {
            self.servicePrincipal = servicePrincipal
        }

        public func validate(name: String) throws {
            try self.validate(self.servicePrincipal, name: "servicePrincipal", parent: name, max: 128)
            try self.validate(self.servicePrincipal, name: "servicePrincipal", parent: name, min: 1)
            try self.validate(self.servicePrincipal, name: "servicePrincipal", parent: name, pattern: "^[\\w+=,.@-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case servicePrincipal = "ServicePrincipal"
        }
    }

    public struct EnableAllFeaturesRequest: AWSEncodableShape {
        public init() {}
    }

    public struct EnableAllFeaturesResponse: AWSDecodableShape {
        /// A structure that contains details about the handshake created to support this request to enable all features in the organization.
        public let handshake: Handshake?

        @inlinable
        public init(handshake: Handshake? = nil) {
            self.handshake = handshake
        }

        private enum CodingKeys: String, CodingKey {
            case handshake = "Handshake"
        }
    }

    public struct EnablePolicyTypeRequest: AWSEncodableShape {
        /// The policy type that you want to enable. You can specify one of the following values:    SERVICE_CONTROL_POLICY     RESOURCE_CONTROL_POLICY     DECLARATIVE_POLICY_EC2     BACKUP_POLICY     TAG_POLICY     CHATBOT_POLICY     AISERVICES_OPT_OUT_POLICY     SECURITYHUB_POLICY
        public let policyType: PolicyType
        /// The unique identifier (ID) of the root in which you want to enable a policy type. You can get the ID from the ListRoots operation. The regex pattern for a root ID string requires "r-" followed by  from 4 to 32 lowercase letters or digits.
        public let rootId: String

        @inlinable
        public init(policyType: PolicyType, rootId: String) {
            self.policyType = policyType
            self.rootId = rootId
        }

        public func validate(name: String) throws {
            try self.validate(self.rootId, name: "rootId", parent: name, max: 34)
            try self.validate(self.rootId, name: "rootId", parent: name, pattern: "^r-[0-9a-z]{4,32}$")
        }

        private enum CodingKeys: String, CodingKey {
            case policyType = "PolicyType"
            case rootId = "RootId"
        }
    }

    public struct EnablePolicyTypeResponse: AWSDecodableShape {
        /// A structure that shows the root with the updated list of enabled policy types.
        public let root: Root?

        @inlinable
        public init(root: Root? = nil) {
            self.root = root
        }

        private enum CodingKeys: String, CodingKey {
            case root = "Root"
        }
    }

    public struct EnabledServicePrincipal: AWSDecodableShape {
        /// The date that the service principal was enabled for integration with Organizations.
        public let dateEnabled: Date?
        /// The name of the service principal. This is typically in the form of a URL, such as:  servicename.amazonaws.com.
        public let servicePrincipal: String?

        @inlinable
        public init(dateEnabled: Date? = nil, servicePrincipal: String? = nil) {
            self.dateEnabled = dateEnabled
            self.servicePrincipal = servicePrincipal
        }

        private enum CodingKeys: String, CodingKey {
            case dateEnabled = "DateEnabled"
            case servicePrincipal = "ServicePrincipal"
        }
    }

    public struct Handshake: AWSDecodableShape {
        /// The type of handshake, indicating what action occurs when the recipient accepts the handshake. The following handshake types are supported:    INVITE: This type of handshake represents a request to join an organization. It is always sent from the management account to only non-member accounts.    ENABLE_ALL_FEATURES: This type of handshake represents a request to enable all features in an organization. It is always sent from the management account to only invited member accounts. Created accounts do not receive this because those accounts were created by the organization's management account and approval is inferred.    APPROVE_ALL_FEATURES: This type of handshake is sent from the Organizations service when all member accounts have approved the ENABLE_ALL_FEATURES invitation. It is sent only to the management account and signals the master that it can finalize the process to enable all features.
        public let action: ActionType?
        /// The Amazon Resource Name (ARN) of a handshake. For more information about ARNs in Organizations, see ARN  Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
        public let arn: String?
        /// The date and time that the handshake expires. If the recipient of the handshake request fails to respond before the specified date and time, the handshake becomes inactive and is no longer valid.
        public let expirationTimestamp: Date?
        /// The unique identifier (ID) of a handshake. The originating account creates the ID when it initiates the handshake. The regex pattern for  handshake ID string requires "h-"  followed by from 8 to 32 lowercase letters or digits.
        public let id: String?
        /// Information about the two accounts that are participating in the handshake.
        public let parties: [HandshakeParty]?
        /// The date and time that the handshake request was made.
        public let requestedTimestamp: Date?
        /// Additional information that is needed to process the handshake.
        public let resources: [HandshakeResource]?
        /// The current state of the handshake. Use the state to trace the flow of the handshake through the process from its creation to its acceptance. The meaning of each of the valid values is as follows:    REQUESTED: This handshake was sent to multiple recipients (applicable to only some handshake types) and not all recipients have responded yet. The request stays in this state until all recipients respond.    OPEN: This handshake was sent to multiple recipients (applicable to only some policy types) and all recipients have responded, allowing the originator to complete the handshake action.    CANCELED: This handshake is no longer active because it was canceled by the originating account.    ACCEPTED: This handshake is complete because it has been accepted by the recipient.    DECLINED: This handshake is no longer active because it was declined by the recipient account.    EXPIRED: This handshake is no longer active because the originator did not receive a response of any kind from the recipient before the expiration time (15 days).
        public let state: HandshakeState?

        @inlinable
        public init(action: ActionType? = nil, arn: String? = nil, expirationTimestamp: Date? = nil, id: String? = nil, parties: [HandshakeParty]? = nil, requestedTimestamp: Date? = nil, resources: [HandshakeResource]? = nil, state: HandshakeState? = nil) {
            self.action = action
            self.arn = arn
            self.expirationTimestamp = expirationTimestamp
            self.id = id
            self.parties = parties
            self.requestedTimestamp = requestedTimestamp
            self.resources = resources
            self.state = state
        }

        private enum CodingKeys: String, CodingKey {
            case action = "Action"
            case arn = "Arn"
            case expirationTimestamp = "ExpirationTimestamp"
            case id = "Id"
            case parties = "Parties"
            case requestedTimestamp = "RequestedTimestamp"
            case resources = "Resources"
            case state = "State"
        }
    }

    public struct HandshakeConstraintViolationException: AWSErrorShape {
        public let message: String?
        public let reason: HandshakeConstraintViolationExceptionReason?

        @inlinable
        public init(message: String? = nil, reason: HandshakeConstraintViolationExceptionReason? = nil) {
            self.message = message
            self.reason = reason
        }

        private enum CodingKeys: String, CodingKey {
            case message = "Message"
            case reason = "Reason"
        }
    }

    public struct HandshakeFilter: AWSEncodableShape {
        /// Specifies the type of handshake action. If you specify ActionType, you cannot also specify ParentHandshakeId.
        public let actionType: ActionType?
        /// Specifies the parent handshake. Only used for handshake types that are a child of another type. If you specify ParentHandshakeId, you cannot also specify ActionType. The regex pattern for  handshake ID string requires "h-"  followed by from 8 to 32 lowercase letters or digits.
        public let parentHandshakeId: String?

        @inlinable
        public init(actionType: ActionType? = nil, parentHandshakeId: String? = nil) {
            self.actionType = actionType
            self.parentHandshakeId = parentHandshakeId
        }

        public func validate(name: String) throws {
            try self.validate(self.parentHandshakeId, name: "parentHandshakeId", parent: name, max: 34)
            try self.validate(self.parentHandshakeId, name: "parentHandshakeId", parent: name, pattern: "^h-[0-9a-z]{8,32}$")
        }

        private enum CodingKeys: String, CodingKey {
            case actionType = "ActionType"
            case parentHandshakeId = "ParentHandshakeId"
        }
    }

    public struct HandshakeParty: AWSEncodableShape & AWSDecodableShape {
        /// The unique identifier (ID) for the party. The regex pattern for  handshake ID string requires "h-"  followed by from 8 to 32 lowercase letters or digits.
        public let id: String
        /// The type of party.
        public let type: HandshakePartyType

        @inlinable
        public init(id: String, type: HandshakePartyType) {
            self.id = id
            self.type = type
        }

        public func validate(name: String) throws {
            try self.validate(self.id, name: "id", parent: name, max: 64)
            try self.validate(self.id, name: "id", parent: name, min: 1)
            try self.validate(self.id, name: "id", parent: name, pattern: "^[\\s\\S]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case id = "Id"
            case type = "Type"
        }
    }

    public struct HandshakeResource: AWSDecodableShape {
        /// When needed, contains an additional array of HandshakeResource objects.
        public let resources: [HandshakeResource]?
        /// The type of information being passed, specifying how the value is to be interpreted by the other party:    ACCOUNT - Specifies an Amazon Web Services account ID number.    ORGANIZATION - Specifies an organization ID number.    EMAIL - Specifies the email address that is associated with the account that receives the handshake.     OWNER_EMAIL - Specifies the email address associated with the management account. Included as information about an organization.     OWNER_NAME - Specifies the name associated with the management account. Included as information about an organization.     NOTES - Additional text provided by the handshake initiator and intended for the recipient to read.
        public let type: HandshakeResourceType?
        /// The information that is passed to the other party in the handshake. The format of the value string must match the requirements of the specified type.
        public let value: String?

        @inlinable
        public init(resources: [HandshakeResource]? = nil, type: HandshakeResourceType? = nil, value: String? = nil) {
            self.resources = resources
            self.type = type
            self.value = value
        }

        private enum CodingKeys: String, CodingKey {
            case resources = "Resources"
            case type = "Type"
            case value = "Value"
        }
    }

    public struct InvalidInputException: AWSErrorShape {
        public let message: String?
        public let reason: InvalidInputExceptionReason?

        @inlinable
        public init(message: String? = nil, reason: InvalidInputExceptionReason? = nil) {
            self.message = message
            self.reason = reason
        }

        private enum CodingKeys: String, CodingKey {
            case message = "Message"
            case reason = "Reason"
        }
    }

    public struct InviteAccountToOrganizationRequest: AWSEncodableShape {
        /// Additional information that you want to include in the generated email to the recipient account owner.
        public let notes: String?
        /// A list of tags that you want to attach to the account when it becomes a member of the organization. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null. For more information about tagging, see Tagging Organizations resources in the Organizations User Guide.  Any tags in the request are checked for compliance with any applicable tag policies when the request is made. The request is rejected if the tags in the request don't match the requirements of the policy at that time. Tag policy compliance is  not checked again when the invitation is accepted and the tags are actually attached to the account. That means that if the tag policy changes between the invitation and the acceptance, then that tags could potentially be non-compliant.   If any one of the tags is not valid or if you exceed the allowed number of tags for an account, then the entire request fails and invitations are not sent.
        public let tags: [Tag]?
        /// The identifier (ID) of the Amazon Web Services account that you want to invite to join your organization. This is a JSON object that contains the following elements:  { "Type": "ACCOUNT", "Id": " account id number >" }  If you use the CLI, you can submit this as a single string, similar to the following example:  --target Id=123456789012,Type=ACCOUNT  If you specify "Type": "ACCOUNT", you must provide the Amazon Web Services account ID number as the Id. If you specify "Type": "EMAIL", you must specify the email address that is associated with the account.  --target Id=diego@example.com,Type=EMAIL
        public let target: HandshakeParty

        @inlinable
        public init(notes: String? = nil, tags: [Tag]? = nil, target: HandshakeParty) {
            self.notes = notes
            self.tags = tags
            self.target = target
        }

        public func validate(name: String) throws {
            try self.validate(self.notes, name: "notes", parent: name, max: 1024)
            try self.validate(self.notes, name: "notes", parent: name, pattern: "^[\\s\\S]*$")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.target.validate(name: "\(name).target")
        }

        private enum CodingKeys: String, CodingKey {
            case notes = "Notes"
            case tags = "Tags"
            case target = "Target"
        }
    }

    public struct InviteAccountToOrganizationResponse: AWSDecodableShape {
        /// A structure that contains details about the handshake that is created to support this invitation request.
        public let handshake: Handshake?

        @inlinable
        public init(handshake: Handshake? = nil) {
            self.handshake = handshake
        }

        private enum CodingKeys: String, CodingKey {
            case handshake = "Handshake"
        }
    }

    public struct ListAWSServiceAccessForOrganizationRequest: AWSEncodableShape {
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListAWSServiceAccessForOrganizationResponse: AWSDecodableShape {
        /// A list of the service principals for the services that are enabled to integrate with your organization. Each principal is a structure that includes the name and the date that it was enabled for integration with Organizations.
        public let enabledServicePrincipals: [EnabledServicePrincipal]?
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?

        @inlinable
        public init(enabledServicePrincipals: [EnabledServicePrincipal]? = nil, nextToken: String? = nil) {
            self.enabledServicePrincipals = enabledServicePrincipals
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case enabledServicePrincipals = "EnabledServicePrincipals"
            case nextToken = "NextToken"
        }
    }

    public struct ListAccountsForParentRequest: AWSEncodableShape {
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?
        /// The unique identifier (ID) for the parent root or organization unit (OU) whose accounts you want to list.
        public let parentId: String

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil, parentId: String) {
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.parentId = parentId
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
            try self.validate(self.parentId, name: "parentId", parent: name, max: 100)
            try self.validate(self.parentId, name: "parentId", parent: name, pattern: "^(r-[0-9a-z]{4,32})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$")
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
            case parentId = "ParentId"
        }
    }

    public struct ListAccountsForParentResponse: AWSDecodableShape {
        /// A list of the accounts in the specified root or OU.  The Status parameter in the API response will be retired on September 9, 2026. Although both the account State and account Status parameters are currently available in the Organizations APIs (DescribeAccount, ListAccounts, ListAccountsForParent), we recommend that you update your scripts or other code to use the State parameter instead of Status before September 9, 2026.
        public let accounts: [Account]?
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?

        @inlinable
        public init(accounts: [Account]? = nil, nextToken: String? = nil) {
            self.accounts = accounts
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case accounts = "Accounts"
            case nextToken = "NextToken"
        }
    }

    public struct ListAccountsRequest: AWSEncodableShape {
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListAccountsResponse: AWSDecodableShape {
        /// A list of objects in the organization.  The Status parameter in the API response will be retired on September 9, 2026. Although both the account State and account Status parameters are currently available in the Organizations APIs (DescribeAccount, ListAccounts, ListAccountsForParent), we recommend that you update your scripts or other code to use the State parameter instead of Status before September 9, 2026.
        public let accounts: [Account]?
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?

        @inlinable
        public init(accounts: [Account]? = nil, nextToken: String? = nil) {
            self.accounts = accounts
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case accounts = "Accounts"
            case nextToken = "NextToken"
        }
    }

    public struct ListAccountsWithInvalidEffectivePolicyRequest: AWSEncodableShape {
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?
        /// The type of policy that you want information about. You can specify one of the following values:    DECLARATIVE_POLICY_EC2     BACKUP_POLICY     TAG_POLICY     CHATBOT_POLICY     AISERVICES_OPT_OUT_POLICY     SECURITYHUB_POLICY
        public let policyType: EffectivePolicyType

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil, policyType: EffectivePolicyType) {
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.policyType = policyType
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
            case policyType = "PolicyType"
        }
    }

    public struct ListAccountsWithInvalidEffectivePolicyResponse: AWSDecodableShape {
        /// The accounts in the organization which have an invalid effective policy for the specified policy type.
        public let accounts: [Account]?
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?
        /// The specified policy type. One of the following values:    DECLARATIVE_POLICY_EC2     BACKUP_POLICY     TAG_POLICY     CHATBOT_POLICY     AISERVICES_OPT_OUT_POLICY     SECURITYHUB_POLICY
        public let policyType: EffectivePolicyType?

        @inlinable
        public init(accounts: [Account]? = nil, nextToken: String? = nil, policyType: EffectivePolicyType? = nil) {
            self.accounts = accounts
            self.nextToken = nextToken
            self.policyType = policyType
        }

        private enum CodingKeys: String, CodingKey {
            case accounts = "Accounts"
            case nextToken = "NextToken"
            case policyType = "PolicyType"
        }
    }

    public struct ListChildrenRequest: AWSEncodableShape {
        /// Filters the output to include only the specified child type.
        public let childType: ChildType
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?
        /// The unique identifier (ID) for the parent root or OU whose children you want to list. The regex pattern for a parent ID string requires one of the  following:    Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or  digits.    Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second  "-" dash and from 8 to 32 additional lowercase letters or digits.
        public let parentId: String

        @inlinable
        public init(childType: ChildType, maxResults: Int? = nil, nextToken: String? = nil, parentId: String) {
            self.childType = childType
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.parentId = parentId
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
            try self.validate(self.parentId, name: "parentId", parent: name, max: 100)
            try self.validate(self.parentId, name: "parentId", parent: name, pattern: "^(r-[0-9a-z]{4,32})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$")
        }

        private enum CodingKeys: String, CodingKey {
            case childType = "ChildType"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
            case parentId = "ParentId"
        }
    }

    public struct ListChildrenResponse: AWSDecodableShape {
        /// The list of children of the specified parent container.
        public let children: [Child]?
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?

        @inlinable
        public init(children: [Child]? = nil, nextToken: String? = nil) {
            self.children = children
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case children = "Children"
            case nextToken = "NextToken"
        }
    }

    public struct ListCreateAccountStatusRequest: AWSEncodableShape {
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?
        /// A list of one or more states that you want included in the response. If this parameter isn't present, all requests are included in the response.
        public let states: [CreateAccountState]?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil, states: [CreateAccountState]? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.states = states
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
            case states = "States"
        }
    }

    public struct ListCreateAccountStatusResponse: AWSDecodableShape {
        /// A list of objects with details about the requests. Certain elements, such as the accountId number, are present in the output only after the account has been successfully created.
        public let createAccountStatuses: [CreateAccountStatus]?
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?

        @inlinable
        public init(createAccountStatuses: [CreateAccountStatus]? = nil, nextToken: String? = nil) {
            self.createAccountStatuses = createAccountStatuses
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case createAccountStatuses = "CreateAccountStatuses"
            case nextToken = "NextToken"
        }
    }

    public struct ListDelegatedAdministratorsRequest: AWSEncodableShape {
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?
        /// Specifies a service principal name. If specified, then the operation lists the delegated administrators only for the specified service. If you don't specify a service principal, the operation lists all delegated administrators for all services in your organization.
        public let servicePrincipal: String?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil, servicePrincipal: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.servicePrincipal = servicePrincipal
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
            try self.validate(self.servicePrincipal, name: "servicePrincipal", parent: name, max: 128)
            try self.validate(self.servicePrincipal, name: "servicePrincipal", parent: name, min: 1)
            try self.validate(self.servicePrincipal, name: "servicePrincipal", parent: name, pattern: "^[\\w+=,.@-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
            case servicePrincipal = "ServicePrincipal"
        }
    }

    public struct ListDelegatedAdministratorsResponse: AWSDecodableShape {
        /// The list of delegated administrators in your organization.
        public let delegatedAdministrators: [DelegatedAdministrator]?
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?

        @inlinable
        public init(delegatedAdministrators: [DelegatedAdministrator]? = nil, nextToken: String? = nil) {
            self.delegatedAdministrators = delegatedAdministrators
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case delegatedAdministrators = "DelegatedAdministrators"
            case nextToken = "NextToken"
        }
    }

    public struct ListDelegatedServicesForAccountRequest: AWSEncodableShape {
        /// The account ID number of a delegated administrator account in the organization.
        public let accountId: String
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?

        @inlinable
        public init(accountId: String, maxResults: Int? = nil, nextToken: String? = nil) {
            self.accountId = accountId
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.validate(self.accountId, name: "accountId", parent: name, max: 12)
            try self.validate(self.accountId, name: "accountId", parent: name, pattern: "^\\d{12}$")
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "AccountId"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListDelegatedServicesForAccountResponse: AWSDecodableShape {
        /// The services for which the account is a delegated administrator.
        public let delegatedServices: [DelegatedService]?
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?

        @inlinable
        public init(delegatedServices: [DelegatedService]? = nil, nextToken: String? = nil) {
            self.delegatedServices = delegatedServices
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case delegatedServices = "DelegatedServices"
            case nextToken = "NextToken"
        }
    }

    public struct ListEffectivePolicyValidationErrorsRequest: AWSEncodableShape {
        /// The ID of the account that you want details about. Specifying an organization root or organizational unit (OU) as the target is not supported.
        public let accountId: String
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?
        /// The type of policy that you want information about. You can specify one of the following values:    DECLARATIVE_POLICY_EC2     BACKUP_POLICY     TAG_POLICY     CHATBOT_POLICY     AISERVICES_OPT_OUT_POLICY     SECURITYHUB_POLICY
        public let policyType: EffectivePolicyType

        @inlinable
        public init(accountId: String, maxResults: Int? = nil, nextToken: String? = nil, policyType: EffectivePolicyType) {
            self.accountId = accountId
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.policyType = policyType
        }

        public func validate(name: String) throws {
            try self.validate(self.accountId, name: "accountId", parent: name, max: 12)
            try self.validate(self.accountId, name: "accountId", parent: name, pattern: "^\\d{12}$")
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "AccountId"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
            case policyType = "PolicyType"
        }
    }

    public struct ListEffectivePolicyValidationErrorsResponse: AWSDecodableShape {
        /// The ID of the specified account.
        public let accountId: String?
        /// The EffectivePolicyValidationError object contains details about the validation errors that occurred when generating or enforcing an effective policy, such as which policies contributed to the error and location of the error.
        public let effectivePolicyValidationErrors: [EffectivePolicyValidationError]?
        /// The time when the latest effective policy was generated for the specified account.
        public let evaluationTimestamp: Date?
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?
        /// The path in the organization where the specified account exists.
        public let path: String?
        /// The specified policy type. One of the following values:    DECLARATIVE_POLICY_EC2     BACKUP_POLICY     TAG_POLICY     CHATBOT_POLICY     AISERVICES_OPT_OUT_POLICY     SECURITYHUB_POLICY
        public let policyType: EffectivePolicyType?

        @inlinable
        public init(accountId: String? = nil, effectivePolicyValidationErrors: [EffectivePolicyValidationError]? = nil, evaluationTimestamp: Date? = nil, nextToken: String? = nil, path: String? = nil, policyType: EffectivePolicyType? = nil) {
            self.accountId = accountId
            self.effectivePolicyValidationErrors = effectivePolicyValidationErrors
            self.evaluationTimestamp = evaluationTimestamp
            self.nextToken = nextToken
            self.path = path
            self.policyType = policyType
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "AccountId"
            case effectivePolicyValidationErrors = "EffectivePolicyValidationErrors"
            case evaluationTimestamp = "EvaluationTimestamp"
            case nextToken = "NextToken"
            case path = "Path"
            case policyType = "PolicyType"
        }
    }

    public struct ListHandshakesForAccountRequest: AWSEncodableShape {
        /// Filters the handshakes that you want included in the response. The default is all types. Use the ActionType element to limit the output to only a specified type, such as INVITE, ENABLE_ALL_FEATURES, or APPROVE_ALL_FEATURES. Alternatively, for the ENABLE_ALL_FEATURES handshake that generates a separate child handshake for each member account, you can specify ParentHandshakeId to see only the handshakes that were generated by that parent request.
        public let filter: HandshakeFilter?
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?

        @inlinable
        public init(filter: HandshakeFilter? = nil, maxResults: Int? = nil, nextToken: String? = nil) {
            self.filter = filter
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.filter?.validate(name: "\(name).filter")
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case filter = "Filter"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListHandshakesForAccountResponse: AWSDecodableShape {
        /// A list of Handshake objects with details about each of the handshakes that is associated with the specified account.
        public let handshakes: [Handshake]?
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?

        @inlinable
        public init(handshakes: [Handshake]? = nil, nextToken: String? = nil) {
            self.handshakes = handshakes
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case handshakes = "Handshakes"
            case nextToken = "NextToken"
        }
    }

    public struct ListHandshakesForOrganizationRequest: AWSEncodableShape {
        /// A filter of the handshakes that you want included in the response. The default is all types. Use the ActionType element to limit the output to only a specified type, such as INVITE, ENABLE-ALL-FEATURES, or APPROVE-ALL-FEATURES. Alternatively, for the ENABLE-ALL-FEATURES handshake that generates a separate child handshake for each member account, you can specify the ParentHandshakeId to see only the handshakes that were generated by that parent request.
        public let filter: HandshakeFilter?
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?

        @inlinable
        public init(filter: HandshakeFilter? = nil, maxResults: Int? = nil, nextToken: String? = nil) {
            self.filter = filter
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.filter?.validate(name: "\(name).filter")
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case filter = "Filter"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListHandshakesForOrganizationResponse: AWSDecodableShape {
        /// A list of Handshake objects with details about each of the handshakes that are associated with an organization.
        public let handshakes: [Handshake]?
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?

        @inlinable
        public init(handshakes: [Handshake]? = nil, nextToken: String? = nil) {
            self.handshakes = handshakes
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case handshakes = "Handshakes"
            case nextToken = "NextToken"
        }
    }

    public struct ListOrganizationalUnitsForParentRequest: AWSEncodableShape {
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?
        /// The unique identifier (ID) of the root or OU whose child OUs you want to list. The regex pattern for a parent ID string requires one of the  following:    Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or  digits.    Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second  "-" dash and from 8 to 32 additional lowercase letters or digits.
        public let parentId: String

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil, parentId: String) {
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.parentId = parentId
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
            try self.validate(self.parentId, name: "parentId", parent: name, max: 100)
            try self.validate(self.parentId, name: "parentId", parent: name, pattern: "^(r-[0-9a-z]{4,32})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$")
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
            case parentId = "ParentId"
        }
    }

    public struct ListOrganizationalUnitsForParentResponse: AWSDecodableShape {
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?
        /// A list of the OUs in the specified root or parent OU.
        public let organizationalUnits: [OrganizationalUnit]?

        @inlinable
        public init(nextToken: String? = nil, organizationalUnits: [OrganizationalUnit]? = nil) {
            self.nextToken = nextToken
            self.organizationalUnits = organizationalUnits
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case organizationalUnits = "OrganizationalUnits"
        }
    }

    public struct ListParentsRequest: AWSEncodableShape {
        /// The unique identifier (ID) of the OU or account whose parent containers you want to list. Don't specify a root. The regex pattern for a child ID string requires one of the  following:    Account - A string that consists of exactly 12 digits.    Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that  contains the OU). This string is followed by a second "-" dash and from 8 to 32 additional  lowercase letters or digits.
        public let childId: String
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?

        @inlinable
        public init(childId: String, maxResults: Int? = nil, nextToken: String? = nil) {
            self.childId = childId
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.validate(self.childId, name: "childId", parent: name, max: 100)
            try self.validate(self.childId, name: "childId", parent: name, pattern: "^(\\d{12})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$")
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case childId = "ChildId"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListParentsResponse: AWSDecodableShape {
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?
        /// A list of parents for the specified child account or OU.
        public let parents: [Parent]?

        @inlinable
        public init(nextToken: String? = nil, parents: [Parent]? = nil) {
            self.nextToken = nextToken
            self.parents = parents
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case parents = "Parents"
        }
    }

    public struct ListPoliciesForTargetRequest: AWSEncodableShape {
        /// The type of policy that you want to include in the returned list. You must specify one of the following values:    SERVICE_CONTROL_POLICY     RESOURCE_CONTROL_POLICY     DECLARATIVE_POLICY_EC2     BACKUP_POLICY     TAG_POLICY     CHATBOT_POLICY     AISERVICES_OPT_OUT_POLICY     SECURITYHUB_POLICY
        public let filter: PolicyType
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?
        /// The unique identifier (ID) of the root, organizational unit, or account whose policies you want to list. The regex pattern for a target ID string requires one of the  following:    Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or  digits.    Account - A string that consists of exactly 12 digits.    Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32  lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second  "-" dash and from 8 to 32 additional lowercase letters or digits.
        public let targetId: String

        @inlinable
        public init(filter: PolicyType, maxResults: Int? = nil, nextToken: String? = nil, targetId: String) {
            self.filter = filter
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.targetId = targetId
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
            try self.validate(self.targetId, name: "targetId", parent: name, max: 100)
            try self.validate(self.targetId, name: "targetId", parent: name, pattern: "^(r-[0-9a-z]{4,32})|(\\d{12})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$")
        }

        private enum CodingKeys: String, CodingKey {
            case filter = "Filter"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
            case targetId = "TargetId"
        }
    }

    public struct ListPoliciesForTargetResponse: AWSDecodableShape {
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?
        /// The list of policies that match the criteria in the request.
        public let policies: [PolicySummary]?

        @inlinable
        public init(nextToken: String? = nil, policies: [PolicySummary]? = nil) {
            self.nextToken = nextToken
            self.policies = policies
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case policies = "Policies"
        }
    }

    public struct ListPoliciesRequest: AWSEncodableShape {
        /// Specifies the type of policy that you want to include in the response. You must specify one of the following values:    SERVICE_CONTROL_POLICY     RESOURCE_CONTROL_POLICY     DECLARATIVE_POLICY_EC2     BACKUP_POLICY     TAG_POLICY     CHATBOT_POLICY     AISERVICES_OPT_OUT_POLICY     SECURITYHUB_POLICY
        public let filter: PolicyType
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?

        @inlinable
        public init(filter: PolicyType, maxResults: Int? = nil, nextToken: String? = nil) {
            self.filter = filter
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case filter = "Filter"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListPoliciesResponse: AWSDecodableShape {
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?
        /// A list of policies that match the filter criteria in the request. The output list doesn't include the policy contents. To see the content for a policy, see DescribePolicy.
        public let policies: [PolicySummary]?

        @inlinable
        public init(nextToken: String? = nil, policies: [PolicySummary]? = nil) {
            self.nextToken = nextToken
            self.policies = policies
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case policies = "Policies"
        }
    }

    public struct ListRootsRequest: AWSEncodableShape {
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListRootsResponse: AWSDecodableShape {
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?
        /// A list of roots that are defined in an organization.
        public let roots: [Root]?

        @inlinable
        public init(nextToken: String? = nil, roots: [Root]? = nil) {
            self.nextToken = nextToken
            self.roots = roots
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case roots = "Roots"
        }
    }

    public struct ListTagsForResourceRequest: AWSEncodableShape {
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?
        /// The ID of the resource with the tags to list. You can specify any of the following taggable resources.   Amazon Web Services account – specify the account ID number.   Organizational unit  – specify the OU ID that begins with ou- and looks similar to: ou-1a2b-34uvwxyz     Root – specify the root ID that begins with r- and looks similar to: r-1a2b     Policy – specify the policy ID that begins with p- andlooks similar to: p-12abcdefg3
        public let resourceId: String

        @inlinable
        public init(nextToken: String? = nil, resourceId: String) {
            self.nextToken = nextToken
            self.resourceId = resourceId
        }

        public func validate(name: String) throws {
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
            try self.validate(self.resourceId, name: "resourceId", parent: name, max: 130)
            try self.validate(self.resourceId, name: "resourceId", parent: name, pattern: "^(r-[0-9a-z]{4,32})|(\\d{12})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})|(^p-[0-9a-zA-Z_]{8,128})|(^rp-[0-9a-zA-Z_]{4,128})$")
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case resourceId = "ResourceId"
        }
    }

    public struct ListTagsForResourceResponse: AWSDecodableShape {
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?
        /// The tags that are assigned to the resource.
        public let tags: [Tag]?

        @inlinable
        public init(nextToken: String? = nil, tags: [Tag]? = nil) {
            self.nextToken = nextToken
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case tags = "Tags"
        }
    }

    public struct ListTargetsForPolicyRequest: AWSEncodableShape {
        /// The total number of results that you want included on each page of the  response. If you do not include this parameter, it defaults to a value that is specific to the  operation. If additional items exist beyond the maximum you specify, the NextToken  response element is present and has a value (is not null). Include that value as the  NextToken request parameter in the next call to the operation to get the next part  of the results. Note that Organizations might return fewer results than the maximum even when there are  more results available. You should check NextToken after every operation to ensure  that you receive all of the results.
        public let maxResults: Int?
        /// The parameter for receiving additional results if you receive a  NextToken response in a previous request. A NextToken response  indicates that more output is available. Set this parameter to the value of the previous  call's NextToken response to indicate where the output should continue  from.
        public let nextToken: String?
        /// The unique identifier (ID) of the policy whose attachments you want to know. The regex pattern for a policy ID string requires "p-" followed  by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
        public let policyId: String

        @inlinable
        public init(maxResults: Int? = nil, nextToken: String? = nil, policyId: String) {
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.policyId = policyId
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 20)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 100000)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\s\\S]*$")
            try self.validate(self.policyId, name: "policyId", parent: name, max: 130)
            try self.validate(self.policyId, name: "policyId", parent: name, pattern: "^p-[0-9a-zA-Z_]{8,128}$")
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
            case policyId = "PolicyId"
        }
    }

    public struct ListTargetsForPolicyResponse: AWSDecodableShape {
        /// If present, indicates that more output is available than is  included in the current response. Use this value in the NextToken request parameter  in a subsequent call to the operation to get the next part of the output. You should repeat this  until the NextToken response element comes back as null.
        public let nextToken: String?
        /// A list of structures, each of which contains details about one of the entities to which the specified policy is attached.
        public let targets: [PolicyTargetSummary]?

        @inlinable
        public init(nextToken: String? = nil, targets: [PolicyTargetSummary]? = nil) {
            self.nextToken = nextToken
            self.targets = targets
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case targets = "Targets"
        }
    }

    public struct MoveAccountRequest: AWSEncodableShape {
        /// The unique identifier (ID) of the account that you want to move. The regex pattern for an account ID string requires exactly 12 digits.
        public let accountId: String
        /// The unique identifier (ID) of the root or organizational unit that you want to move the account to. The regex pattern for a parent ID string requires one of the  following:    Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or  digits.    Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second  "-" dash and from 8 to 32 additional lowercase letters or digits.
        public let destinationParentId: String
        /// The unique identifier (ID) of the root or organizational unit that you want to move the account from. The regex pattern for a parent ID string requires one of the  following:    Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or  digits.    Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second  "-" dash and from 8 to 32 additional lowercase letters or digits.
        public let sourceParentId: String

        @inlinable
        public init(accountId: String, destinationParentId: String, sourceParentId: String) {
            self.accountId = accountId
            self.destinationParentId = destinationParentId
            self.sourceParentId = sourceParentId
        }

        public func validate(name: String) throws {
            try self.validate(self.accountId, name: "accountId", parent: name, max: 12)
            try self.validate(self.accountId, name: "accountId", parent: name, pattern: "^\\d{12}$")
            try self.validate(self.destinationParentId, name: "destinationParentId", parent: name, max: 100)
            try self.validate(self.destinationParentId, name: "destinationParentId", parent: name, pattern: "^(r-[0-9a-z]{4,32})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$")
            try self.validate(self.sourceParentId, name: "sourceParentId", parent: name, max: 100)
            try self.validate(self.sourceParentId, name: "sourceParentId", parent: name, pattern: "^(r-[0-9a-z]{4,32})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$")
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "AccountId"
            case destinationParentId = "DestinationParentId"
            case sourceParentId = "SourceParentId"
        }
    }

    public struct Organization: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of an organization. For more information about ARNs in Organizations, see ARN  Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
        public let arn: String?
        ///  Do not use. This field is deprecated and doesn't provide complete information about the policies in your organization.  To determine the policies that are enabled and available for use in your organization, use the ListRoots operation instead.
        public let availablePolicyTypes: [PolicyTypeSummary]?
        /// Specifies the functionality that currently is available to the organization. If set to "ALL", then all features are enabled and policies can be applied to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only consolidated billing functionality is available. For more information, see Enabling all features in your organization in the Organizations User Guide.
        public let featureSet: OrganizationFeatureSet?
        /// The unique identifier (ID) of an organization. The regex pattern for an organization ID string requires "o-"  followed by from 10 to 32 lowercase letters or digits.
        public let id: String?
        /// The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization. For more information about ARNs in Organizations, see ARN  Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
        public let masterAccountArn: String?
        /// The email address that is associated with the Amazon Web Services account that is designated as the management account for the organization.
        public let masterAccountEmail: String?
        /// The unique identifier (ID) of the management account of an organization. The regex pattern for an account ID string requires exactly 12 digits.
        public let masterAccountId: String?

        @inlinable
        public init(arn: String? = nil, availablePolicyTypes: [PolicyTypeSummary]? = nil, featureSet: OrganizationFeatureSet? = nil, id: String? = nil, masterAccountArn: String? = nil, masterAccountEmail: String? = nil, masterAccountId: String? = nil) {
            self.arn = arn
            self.availablePolicyTypes = availablePolicyTypes
            self.featureSet = featureSet
            self.id = id
            self.masterAccountArn = masterAccountArn
            self.masterAccountEmail = masterAccountEmail
            self.masterAccountId = masterAccountId
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case availablePolicyTypes = "AvailablePolicyTypes"
            case featureSet = "FeatureSet"
            case id = "Id"
            case masterAccountArn = "MasterAccountArn"
            case masterAccountEmail = "MasterAccountEmail"
            case masterAccountId = "MasterAccountId"
        }
    }

    public struct OrganizationalUnit: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of this OU. For more information about ARNs in Organizations, see ARN  Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
        public let arn: String?
        /// The unique identifier (ID) associated with this OU. The ID is unique to the organization only. The regex pattern for an organizational unit ID string requires  "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the  OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters  or digits.
        public let id: String?
        /// The friendly name of this OU. The regex pattern  that is used to validate this parameter is a string of any of the characters in the ASCII  character range.
        public let name: String?

        @inlinable
        public init(arn: String? = nil, id: String? = nil, name: String? = nil) {
            self.arn = arn
            self.id = id
            self.name = name
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case id = "Id"
            case name = "Name"
        }
    }

    public struct Parent: AWSDecodableShape {
        /// The unique identifier (ID) of the parent entity. The regex pattern for a parent ID string requires one of the  following:    Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or  digits.    Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second  "-" dash and from 8 to 32 additional lowercase letters or digits.
        public let id: String?
        /// The type of the parent entity.
        public let type: ParentType?

        @inlinable
        public init(id: String? = nil, type: ParentType? = nil) {
            self.id = id
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case id = "Id"
            case type = "Type"
        }
    }

    public struct Policy: AWSDecodableShape {
        /// The text content of the policy.
        public let content: String?
        /// A structure that contains additional details about the policy.
        public let policySummary: PolicySummary?

        @inlinable
        public init(content: String? = nil, policySummary: PolicySummary? = nil) {
            self.content = content
            self.policySummary = policySummary
        }

        private enum CodingKeys: String, CodingKey {
            case content = "Content"
            case policySummary = "PolicySummary"
        }
    }

    public struct PolicySummary: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the policy. For more information about ARNs in Organizations, see ARN  Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
        public let arn: String?
        /// A boolean value that indicates whether the specified policy is an Amazon Web Services managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it.
        public let awsManaged: Bool?
        /// The description of the policy.
        public let description: String?
        /// The unique identifier (ID) of the policy. The regex pattern for a policy ID string requires "p-" followed  by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
        public let id: String?
        /// The friendly name of the policy. The regex pattern  that is used to validate this parameter is a string of any of the characters in the ASCII  character range.
        public let name: String?
        /// The type of policy.
        public let type: PolicyType?

        @inlinable
        public init(arn: String? = nil, awsManaged: Bool? = nil, description: String? = nil, id: String? = nil, name: String? = nil, type: PolicyType? = nil) {
            self.arn = arn
            self.awsManaged = awsManaged
            self.description = description
            self.id = id
            self.name = name
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case awsManaged = "AwsManaged"
            case description = "Description"
            case id = "Id"
            case name = "Name"
            case type = "Type"
        }
    }

    public struct PolicyTargetSummary: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the policy target. For more information about ARNs in Organizations, see ARN  Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
        public let arn: String?
        /// The friendly name of the policy target. The regex pattern  that is used to validate this parameter is a string of any of the characters in the ASCII  character range.
        public let name: String?
        /// The unique identifier (ID) of the policy target. The regex pattern for a target ID string requires one of the  following:    Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or  digits.    Account - A string that consists of exactly 12 digits.    Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32  lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second  "-" dash and from 8 to 32 additional lowercase letters or digits.
        public let targetId: String?
        /// The type of the policy target.
        public let type: TargetType?

        @inlinable
        public init(arn: String? = nil, name: String? = nil, targetId: String? = nil, type: TargetType? = nil) {
            self.arn = arn
            self.name = name
            self.targetId = targetId
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case name = "Name"
            case targetId = "TargetId"
            case type = "Type"
        }
    }

    public struct PolicyTypeSummary: AWSDecodableShape {
        /// The status of the policy type as it relates to the associated root. To attach a policy of the specified type to a root or to an OU or account in that root, it must be available in the organization and enabled for that root.
        public let status: PolicyTypeStatus?
        /// The name of the policy type.
        public let type: PolicyType?

        @inlinable
        public init(status: PolicyTypeStatus? = nil, type: PolicyType? = nil) {
            self.status = status
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case status = "Status"
            case type = "Type"
        }
    }

    public struct PutResourcePolicyRequest: AWSEncodableShape {
        /// If provided, the new content for the resource policy. The text must be correctly formatted JSON that complies with the syntax for the resource policy's type. For more information, see SCP syntax in the Organizations User Guide.
        public let content: String
        /// A list of tags that you want to attach to the newly created resource policy. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null. For more information about tagging, see Tagging Organizations resources in the Organizations User Guide.  Calls with tags apply to the initial creation of the resource policy, otherwise an exception is thrown. If any one of the tags is not valid or if you exceed the allowed number of tags for the resource policy, then the entire request fails and the resource policy is not created.
        public let tags: [Tag]?

        @inlinable
        public init(content: String, tags: [Tag]? = nil) {
            self.content = content
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.content, name: "content", parent: name, max: 40000)
            try self.validate(self.content, name: "content", parent: name, min: 1)
            try self.validate(self.content, name: "content", parent: name, pattern: "^[\\s\\S]*$")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case content = "Content"
            case tags = "Tags"
        }
    }

    public struct PutResourcePolicyResponse: AWSDecodableShape {
        /// A structure that contains details about the resource policy.
        public let resourcePolicy: ResourcePolicy?

        @inlinable
        public init(resourcePolicy: ResourcePolicy? = nil) {
            self.resourcePolicy = resourcePolicy
        }

        private enum CodingKeys: String, CodingKey {
            case resourcePolicy = "ResourcePolicy"
        }
    }

    public struct RegisterDelegatedAdministratorRequest: AWSEncodableShape {
        /// The account ID number of the member account in the organization to register as a delegated administrator.
        public let accountId: String
        /// The service principal of the Amazon Web Services service for which you want to make the member account a delegated administrator.
        public let servicePrincipal: String

        @inlinable
        public init(accountId: String, servicePrincipal: String) {
            self.accountId = accountId
            self.servicePrincipal = servicePrincipal
        }

        public func validate(name: String) throws {
            try self.validate(self.accountId, name: "accountId", parent: name, max: 12)
            try self.validate(self.accountId, name: "accountId", parent: name, pattern: "^\\d{12}$")
            try self.validate(self.servicePrincipal, name: "servicePrincipal", parent: name, max: 128)
            try self.validate(self.servicePrincipal, name: "servicePrincipal", parent: name, min: 1)
            try self.validate(self.servicePrincipal, name: "servicePrincipal", parent: name, pattern: "^[\\w+=,.@-]*$")
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "AccountId"
            case servicePrincipal = "ServicePrincipal"
        }
    }

    public struct RemoveAccountFromOrganizationRequest: AWSEncodableShape {
        /// The unique identifier (ID) of the member account that you want to remove from the organization. The regex pattern for an account ID string requires exactly 12 digits.
        public let accountId: String

        @inlinable
        public init(accountId: String) {
            self.accountId = accountId
        }

        public func validate(name: String) throws {
            try self.validate(self.accountId, name: "accountId", parent: name, max: 12)
            try self.validate(self.accountId, name: "accountId", parent: name, pattern: "^\\d{12}$")
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "AccountId"
        }
    }

    public struct ResourcePolicy: AWSDecodableShape {
        /// The policy text of the resource policy.
        public let content: String?
        /// A structure that contains resource policy ID and Amazon Resource Name (ARN).
        public let resourcePolicySummary: ResourcePolicySummary?

        @inlinable
        public init(content: String? = nil, resourcePolicySummary: ResourcePolicySummary? = nil) {
            self.content = content
            self.resourcePolicySummary = resourcePolicySummary
        }

        private enum CodingKeys: String, CodingKey {
            case content = "Content"
            case resourcePolicySummary = "ResourcePolicySummary"
        }
    }

    public struct ResourcePolicySummary: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the resource policy.
        public let arn: String?
        /// The unique identifier (ID) of the resource policy.
        public let id: String?

        @inlinable
        public init(arn: String? = nil, id: String? = nil) {
            self.arn = arn
            self.id = id
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case id = "Id"
        }
    }

    public struct Root: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the root. For more information about ARNs in Organizations, see ARN  Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
        public let arn: String?
        /// The unique identifier (ID) for the root. The ID is unique to the organization only. The regex pattern for a root ID string requires "r-" followed by  from 4 to 32 lowercase letters or digits.
        public let id: String?
        /// The friendly name of the root. The regex pattern  that is used to validate this parameter is a string of any of the characters in the ASCII  character range.
        public let name: String?
        /// The types of policies that are currently enabled for the root and therefore can be attached to the root or to its OUs or accounts.  Even if a policy type is shown as available in the organization, you can separately enable and disable them at the root level by using EnablePolicyType and DisablePolicyType. Use DescribeOrganization to see the availability of the policy types in that organization.
        public let policyTypes: [PolicyTypeSummary]?

        @inlinable
        public init(arn: String? = nil, id: String? = nil, name: String? = nil, policyTypes: [PolicyTypeSummary]? = nil) {
            self.arn = arn
            self.id = id
            self.name = name
            self.policyTypes = policyTypes
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case id = "Id"
            case name = "Name"
            case policyTypes = "PolicyTypes"
        }
    }

    public struct Tag: AWSEncodableShape & AWSDecodableShape {
        /// The key identifier, or name, of the tag.
        public let key: String
        /// The string value that's associated with the key of the tag. You can set the value of a tag to an empty string, but you can't set the value of a tag to null.
        public let value: String

        @inlinable
        public init(key: String, value: String) {
            self.key = key
            self.value = value
        }

        public func validate(name: String) throws {
            try self.validate(self.key, name: "key", parent: name, max: 128)
            try self.validate(self.key, name: "key", parent: name, min: 1)
            try self.validate(self.key, name: "key", parent: name, pattern: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$")
            try self.validate(self.value, name: "value", parent: name, max: 256)
            try self.validate(self.value, name: "value", parent: name, pattern: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$")
        }

        private enum CodingKeys: String, CodingKey {
            case key = "Key"
            case value = "Value"
        }
    }

    public struct TagResourceRequest: AWSEncodableShape {
        /// The ID of the resource to add a tag to. You can specify any of the following taggable resources.   Amazon Web Services account – specify the account ID number.   Organizational unit  – specify the OU ID that begins with ou- and looks similar to: ou-1a2b-34uvwxyz     Root – specify the root ID that begins with r- and looks similar to: r-1a2b     Policy – specify the policy ID that begins with p- andlooks similar to: p-12abcdefg3
        public let resourceId: String
        /// A list of tags to add to the specified resource. For each tag in the list, you must specify both a tag key and a value. The value can be an empty string, but you can't set it to null.  If any one of the tags is not valid or if you exceed the maximum allowed number of tags for a resource, then the entire request fails.
        public let tags: [Tag]

        @inlinable
        public init(resourceId: String, tags: [Tag]) {
            self.resourceId = resourceId
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceId, name: "resourceId", parent: name, max: 130)
            try self.validate(self.resourceId, name: "resourceId", parent: name, pattern: "^(r-[0-9a-z]{4,32})|(\\d{12})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})|(^p-[0-9a-zA-Z_]{8,128})|(^rp-[0-9a-zA-Z_]{4,128})$")
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case resourceId = "ResourceId"
            case tags = "Tags"
        }
    }

    public struct TooManyRequestsException: AWSErrorShape {
        public let message: String?
        public let type: String?

        @inlinable
        public init(message: String? = nil, type: String? = nil) {
            self.message = message
            self.type = type
        }

        private enum CodingKeys: String, CodingKey {
            case message = "Message"
            case type = "Type"
        }
    }

    public struct UntagResourceRequest: AWSEncodableShape {
        /// The ID of the resource to remove a tag from. You can specify any of the following taggable resources.   Amazon Web Services account – specify the account ID number.   Organizational unit  – specify the OU ID that begins with ou- and looks similar to: ou-1a2b-34uvwxyz     Root – specify the root ID that begins with r- and looks similar to: r-1a2b     Policy – specify the policy ID that begins with p- andlooks similar to: p-12abcdefg3
        public let resourceId: String
        /// The list of keys for tags to remove from the specified resource.
        public let tagKeys: [String]

        @inlinable
        public init(resourceId: String, tagKeys: [String]) {
            self.resourceId = resourceId
            self.tagKeys = tagKeys
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceId, name: "resourceId", parent: name, max: 130)
            try self.validate(self.resourceId, name: "resourceId", parent: name, pattern: "^(r-[0-9a-z]{4,32})|(\\d{12})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})|(^p-[0-9a-zA-Z_]{8,128})|(^rp-[0-9a-zA-Z_]{4,128})$")
            try self.tagKeys.forEach {
                try validate($0, name: "tagKeys[]", parent: name, max: 128)
                try validate($0, name: "tagKeys[]", parent: name, min: 1)
                try validate($0, name: "tagKeys[]", parent: name, pattern: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case resourceId = "ResourceId"
            case tagKeys = "TagKeys"
        }
    }

    public struct UpdateOrganizationalUnitRequest: AWSEncodableShape {
        /// The new name that you want to assign to the OU. The regex pattern  that is used to validate this parameter is a string of any of the characters in the ASCII  character range.
        public let name: String?
        /// The unique identifier (ID) of the OU that you want to rename. You can get the ID from the ListOrganizationalUnitsForParent operation. The regex pattern for an organizational unit ID string requires  "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the  OU). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters  or digits.
        public let organizationalUnitId: String

        @inlinable
        public init(name: String? = nil, organizationalUnitId: String) {
            self.name = name
            self.organizationalUnitId = organizationalUnitId
        }

        public func validate(name: String) throws {
            try self.validate(self.name, name: "name", parent: name, max: 128)
            try self.validate(self.name, name: "name", parent: name, min: 1)
            try self.validate(self.name, name: "name", parent: name, pattern: "^[\\s\\S]*$")
            try self.validate(self.organizationalUnitId, name: "organizationalUnitId", parent: name, max: 68)
            try self.validate(self.organizationalUnitId, name: "organizationalUnitId", parent: name, pattern: "^ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}$")
        }

        private enum CodingKeys: String, CodingKey {
            case name = "Name"
            case organizationalUnitId = "OrganizationalUnitId"
        }
    }

    public struct UpdateOrganizationalUnitResponse: AWSDecodableShape {
        /// A structure that contains the details about the specified OU, including its new name.
        public let organizationalUnit: OrganizationalUnit?

        @inlinable
        public init(organizationalUnit: OrganizationalUnit? = nil) {
            self.organizationalUnit = organizationalUnit
        }

        private enum CodingKeys: String, CodingKey {
            case organizationalUnit = "OrganizationalUnit"
        }
    }

    public struct UpdatePolicyRequest: AWSEncodableShape {
        /// If provided, the new content for the policy. The text must be correctly formatted JSON that complies with the syntax for the policy's type. For more information, see SCP syntax in the Organizations User Guide. The maximum size of a policy document depends on the policy's type. For more information, see Maximum and minimum values in the Organizations User Guide.
        public let content: String?
        /// If provided, the new description for the policy.
        public let description: String?
        /// If provided, the new name for the policy. The regex pattern  that is used to validate this parameter is a string of any of the characters in the ASCII  character range.
        public let name: String?
        /// The unique identifier (ID) of the policy that you want to update. The regex pattern for a policy ID string requires "p-" followed  by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
        public let policyId: String

        @inlinable
        public init(content: String? = nil, description: String? = nil, name: String? = nil, policyId: String) {
            self.content = content
            self.description = description
            self.name = name
            self.policyId = policyId
        }

        public func validate(name: String) throws {
            try self.validate(self.content, name: "content", parent: name, min: 1)
            try self.validate(self.content, name: "content", parent: name, pattern: "^[\\s\\S]*$")
            try self.validate(self.description, name: "description", parent: name, max: 512)
            try self.validate(self.description, name: "description", parent: name, pattern: "^[\\s\\S]*$")
            try self.validate(self.name, name: "name", parent: name, max: 128)
            try self.validate(self.name, name: "name", parent: name, min: 1)
            try self.validate(self.name, name: "name", parent: name, pattern: "^[\\s\\S]*$")
            try self.validate(self.policyId, name: "policyId", parent: name, max: 130)
            try self.validate(self.policyId, name: "policyId", parent: name, pattern: "^p-[0-9a-zA-Z_]{8,128}$")
        }

        private enum CodingKeys: String, CodingKey {
            case content = "Content"
            case description = "Description"
            case name = "Name"
            case policyId = "PolicyId"
        }
    }

    public struct UpdatePolicyResponse: AWSDecodableShape {
        /// A structure that contains details about the updated policy, showing the requested changes.
        public let policy: Policy?

        @inlinable
        public init(policy: Policy? = nil) {
            self.policy = policy
        }

        private enum CodingKeys: String, CodingKey {
            case policy = "Policy"
        }
    }
}

// MARK: - Errors

/// Error enum for Organizations
public struct OrganizationsErrorType: AWSErrorType {
    enum Code: String {
        case accessDeniedException = "AccessDeniedException"
        case accessDeniedForDependencyException = "AccessDeniedForDependencyException"
        case accountAlreadyClosedException = "AccountAlreadyClosedException"
        case accountAlreadyRegisteredException = "AccountAlreadyRegisteredException"
        case accountNotFoundException = "AccountNotFoundException"
        case accountNotRegisteredException = "AccountNotRegisteredException"
        case accountOwnerNotVerifiedException = "AccountOwnerNotVerifiedException"
        case alreadyInOrganizationException = "AlreadyInOrganizationException"
        case awsOrganizationsNotInUseException = "AWSOrganizationsNotInUseException"
        case childNotFoundException = "ChildNotFoundException"
        case concurrentModificationException = "ConcurrentModificationException"
        case conflictException = "ConflictException"
        case constraintViolationException = "ConstraintViolationException"
        case createAccountStatusNotFoundException = "CreateAccountStatusNotFoundException"
        case destinationParentNotFoundException = "DestinationParentNotFoundException"
        case duplicateAccountException = "DuplicateAccountException"
        case duplicateHandshakeException = "DuplicateHandshakeException"
        case duplicateOrganizationalUnitException = "DuplicateOrganizationalUnitException"
        case duplicatePolicyAttachmentException = "DuplicatePolicyAttachmentException"
        case duplicatePolicyException = "DuplicatePolicyException"
        case effectivePolicyNotFoundException = "EffectivePolicyNotFoundException"
        case finalizingOrganizationException = "FinalizingOrganizationException"
        case handshakeAlreadyInStateException = "HandshakeAlreadyInStateException"
        case handshakeConstraintViolationException = "HandshakeConstraintViolationException"
        case handshakeNotFoundException = "HandshakeNotFoundException"
        case invalidHandshakeTransitionException = "InvalidHandshakeTransitionException"
        case invalidInputException = "InvalidInputException"
        case malformedPolicyDocumentException = "MalformedPolicyDocumentException"
        case masterCannotLeaveOrganizationException = "MasterCannotLeaveOrganizationException"
        case organizationNotEmptyException = "OrganizationNotEmptyException"
        case organizationalUnitNotEmptyException = "OrganizationalUnitNotEmptyException"
        case organizationalUnitNotFoundException = "OrganizationalUnitNotFoundException"
        case parentNotFoundException = "ParentNotFoundException"
        case policyChangesInProgressException = "PolicyChangesInProgressException"
        case policyInUseException = "PolicyInUseException"
        case policyNotAttachedException = "PolicyNotAttachedException"
        case policyNotFoundException = "PolicyNotFoundException"
        case policyTypeAlreadyEnabledException = "PolicyTypeAlreadyEnabledException"
        case policyTypeNotAvailableForOrganizationException = "PolicyTypeNotAvailableForOrganizationException"
        case policyTypeNotEnabledException = "PolicyTypeNotEnabledException"
        case resourcePolicyNotFoundException = "ResourcePolicyNotFoundException"
        case rootNotFoundException = "RootNotFoundException"
        case serviceException = "ServiceException"
        case sourceParentNotFoundException = "SourceParentNotFoundException"
        case targetNotFoundException = "TargetNotFoundException"
        case tooManyRequestsException = "TooManyRequestsException"
        case unsupportedAPIEndpointException = "UnsupportedAPIEndpointException"
    }

    private let error: Code
    public let context: AWSErrorContext?

    /// initialize Organizations
    public init?(errorCode: String, context: AWSErrorContext) {
        guard let error = Code(rawValue: errorCode) else { return nil }
        self.error = error
        self.context = context
    }

    internal init(_ error: Code) {
        self.error = error
        self.context = nil
    }

    /// return error code string
    public var errorCode: String { self.error.rawValue }

    /// You don't have permissions to perform the requested operation. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access Management in the IAM User Guide.
    public static var accessDeniedException: Self { .init(.accessDeniedException) }
    /// The operation that you attempted requires you to have the iam:CreateServiceLinkedRole for organizations.amazonaws.com permission so that Organizations can create the required service-linked role. You don't have that permission.
    public static var accessDeniedForDependencyException: Self { .init(.accessDeniedForDependencyException) }
    /// You attempted to close an account that is already closed.
    public static var accountAlreadyClosedException: Self { .init(.accountAlreadyClosedException) }
    /// The specified account is already a delegated administrator for this Amazon Web Services service.
    public static var accountAlreadyRegisteredException: Self { .init(.accountAlreadyRegisteredException) }
    ///  We can't find an Amazon Web Services account with the AccountId that you specified, or the account whose credentials you used to make this request isn't a member of an organization.
    public static var accountNotFoundException: Self { .init(.accountNotFoundException) }
    /// The specified account is not a delegated administrator for this Amazon Web Services service.
    public static var accountNotRegisteredException: Self { .init(.accountNotRegisteredException) }
    /// You can't invite an existing account to your organization until you verify that you own the email address associated with the management account. For more information, see Email address verification in the Organizations User Guide.
    public static var accountOwnerNotVerifiedException: Self { .init(.accountOwnerNotVerifiedException) }
    /// This account is already a member of an organization. An account can belong to only one organization at a time.
    public static var alreadyInOrganizationException: Self { .init(.alreadyInOrganizationException) }
    /// Your account isn't a member of an organization. To make this request, you must use the credentials of an account that belongs to an organization.
    public static var awsOrganizationsNotInUseException: Self { .init(.awsOrganizationsNotInUseException) }
    /// We can't find an organizational unit (OU) or Amazon Web Services account with the ChildId that you specified.
    public static var childNotFoundException: Self { .init(.childNotFoundException) }
    /// The target of the operation is currently being modified by a different request. Try again later.
    public static var concurrentModificationException: Self { .init(.concurrentModificationException) }
    /// The request failed because it conflicts with the current state of the specified resource.
    public static var conflictException: Self { .init(.conflictException) }
    /// Performing this operation violates a minimum or maximum value limit. For example, attempting to remove the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the organization, or attaching too many policies to an account, OU, or root. This exception includes a reason that contains additional information about the violated limit:  Some of the reasons in the following list might not be applicable to this specific API or operation.    ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization. You can't remove the management account. Instead, after you remove all member accounts, delete the organization itself.   ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization that doesn't yet have enough information to exist as a standalone account. This account requires you to first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.   ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create in one day.   ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You must complete the account setup before you create an organization.   ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. If you need more accounts, contact Amazon Web Services Support to request an increase in your limit.  Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase in the number of accounts.  Deleted and closed accounts still count toward your limit.   If you get this exception when running a command immediately after creating the organization, wait one hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.    ALL_FEATURES_MIGRATION_ORGANIZATION_SIZE_LIMIT_EXCEEDED: Your organization has more than 5000 accounts, and you can only use the standard migration process for organizations with less than 5000 accounts. Use the assisted migration process to enable all features mode, or create a support case for assistance if you are unable to use assisted migration.   CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as a delegated administrator.   CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of the organization as a delegated administrator for an Amazon Web Services service integrated with Organizations. You can designate only a member account as a delegated administrator.   CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management account for the organization, you must first either remove or close all member accounts in the organization. Follow standard account closure process using root credentials.​    CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as a delegated administrator for a service integrated with your organization. To complete this operation, you must first deregister this account as a delegated administrator.    CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.    CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close at a time. ​    CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified region, you must enable all features mode.   DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account as a delegated administrator for an Amazon Web Services service that already has a delegated administrator. To complete this operation, you must first deregister any existing delegated administrators for this service.   EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time. You must resubmit the request and generate a new verfication code.   HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day.   INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is associated with the account. Amazon Web Services does not support cards issued by financial institutions in Russia or Belarus. For more information, see Managing your Amazon Web Services payments.   MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first must migrate the organization's management account to the marketplace that corresponds to the management account's address. All accounts in an organization must be associated with the same marketplace.   MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To create an organization, the master must have a valid business license. For more information, contact customer support.   MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact address and phone number for the management account. Then try the operation again.   MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations in the  Amazon Web Services GovCloud User Guide.   MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you first must associate a valid payment instrument, such as a credit card, with the account. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.   MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated administrators than allowed for the service principal.    MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain type that can be attached to an entity at one time.   MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.    MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you first must associate a valid payment instrument, such as a credit card, with the account. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.   MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would cause the entity to have fewer than the minimum number of policies of a certain type required.   ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the organization to be configured to support all features. An organization that supports only consolidated billing features can't perform this operation.   OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.   OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.   POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.   POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an organization.   POLICY_TYPE_ENABLED_FOR_THIS_SERVICE: You attempted to disable service access before you disabled the policy type (for example, SECURITYHUB_POLICY). To complete this operation, you must first disable the policy type.   SERVICE_ACCESS_NOT_ENABLED:   You attempted to register a delegated administrator before you enabled service access. Call the EnableAWSServiceAccess API first.   You attempted to enable a policy type before you enabled service access. Call the EnableAWSServiceAccess API first.     TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with the tag policy requirements for this account.   WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least seven days after the account was created. Invited accounts aren't subject to this waiting period.
    public static var constraintViolationException: Self { .init(.constraintViolationException) }
    /// We can't find an create account request with the CreateAccountRequestId that you specified.
    public static var createAccountStatusNotFoundException: Self { .init(.createAccountStatusNotFoundException) }
    /// We can't find the destination container (a root or OU) with the ParentId that you specified.
    public static var destinationParentNotFoundException: Self { .init(.destinationParentNotFoundException) }
    /// That account is already present in the specified destination.
    public static var duplicateAccountException: Self { .init(.duplicateAccountException) }
    /// A handshake with the same action and target already exists. For example, if you invited an account to join your organization, the invited account might already have a pending invitation from this organization. If you intend to resend an invitation to an account, ensure that existing handshakes that might be considered duplicates are canceled or declined.
    public static var duplicateHandshakeException: Self { .init(.duplicateHandshakeException) }
    /// An OU with the same name already exists.
    public static var duplicateOrganizationalUnitException: Self { .init(.duplicateOrganizationalUnitException) }
    /// The selected policy is already attached to the specified target.
    public static var duplicatePolicyAttachmentException: Self { .init(.duplicatePolicyAttachmentException) }
    /// A policy with the same name already exists.
    public static var duplicatePolicyException: Self { .init(.duplicatePolicyException) }
    /// If you ran this action on the management account, this policy type is not enabled. If you ran the action on a member account, the account doesn't have an effective policy of this type. Contact the administrator of your organization about attaching a policy of this type to the account.
    public static var effectivePolicyNotFoundException: Self { .init(.effectivePolicyNotFoundException) }
    /// Organizations couldn't perform the operation because your organization hasn't finished initializing. This can take up to an hour. Try again later. If after one hour you continue to receive this error, contact Amazon Web Services Support.
    public static var finalizingOrganizationException: Self { .init(.finalizingOrganizationException) }
    /// The specified handshake is already in the requested state. For example, you can't accept a handshake that was already accepted.
    public static var handshakeAlreadyInStateException: Self { .init(.handshakeAlreadyInStateException) }
    /// The requested operation would violate the constraint identified in the reason code.  Some of the reasons in the following list might not be applicable to this specific API or operation:    ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. Note that deleted and closed accounts still count toward your limit.  If you get this exception immediately after creating the organization, wait one hour and try again. If after an hour it continues to fail with this error, contact Amazon Web Services Support.    ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a member of an organization.   HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day.   INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while it's in the process of enabling all features. You can resume inviting accounts after you finalize the process when all accounts have agreed to the change.   ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has already enabled all features.   ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the organization has already started the process to enable all features.   ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different marketplace than the accounts in the organization.   ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account too quickly after its previous change.   PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment instrument, such as a credit card, associated with it.
    public static var handshakeConstraintViolationException: Self { .init(.handshakeConstraintViolationException) }
    /// We can't find a handshake with the HandshakeId that you specified.
    public static var handshakeNotFoundException: Self { .init(.handshakeNotFoundException) }
    /// You can't perform the operation on the handshake in its current state. For example, you can't cancel a handshake that was already accepted or accept a handshake that was already declined.
    public static var invalidHandshakeTransitionException: Self { .init(.invalidHandshakeTransitionException) }
    /// The requested operation failed because you provided invalid values for one or more of the request parameters. This exception includes a reason that contains additional information about the violated limit:  Some of the reasons in the following list might not be applicable to this specific API or operation.    DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.   IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.   INPUT_REQUIRED: You must include a value for all required parameters.   INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.   INVALID_ENUM: You specified an invalid value.   INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.   INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.   INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.   INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a previous call of the operation.   INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a party.   INVALID_PATTERN: You provided a value that doesn't match the required pattern.   INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.   INVALID_PRINCIPAL: You specified an invalid principal element in the policy.   INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved prefix AWSServiceRoleFor.   INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the organization.   INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.    INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count against your tags per resource limit.   MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.   MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.   MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.   MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.   MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.   MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.   NON_DETACHABLE_POLICY: You can't detach this Amazon Web Services Managed Policy.   TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.   UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
    public static var invalidInputException: Self { .init(.invalidInputException) }
    /// The provided policy document doesn't meet the requirements of the specified policy type. For example, the syntax might be incorrect. For details about service control policy syntax, see SCP syntax in the Organizations User Guide.
    public static var malformedPolicyDocumentException: Self { .init(.malformedPolicyDocumentException) }
    /// You can't remove a management account from an organization. If you want the management account to become a member account in another organization, you must first delete the current organization of the management account.
    public static var masterCannotLeaveOrganizationException: Self { .init(.masterCannotLeaveOrganizationException) }
    /// The organization isn't empty. To delete an organization, you must first remove all accounts except the management account.
    public static var organizationNotEmptyException: Self { .init(.organizationNotEmptyException) }
    /// The specified OU is not empty. Move all accounts to another root or to other OUs, remove all child OUs, and try the operation again.
    public static var organizationalUnitNotEmptyException: Self { .init(.organizationalUnitNotEmptyException) }
    /// We can't find an OU with the OrganizationalUnitId that you specified.
    public static var organizationalUnitNotFoundException: Self { .init(.organizationalUnitNotFoundException) }
    /// We can't find a root or OU with the ParentId that you specified.
    public static var parentNotFoundException: Self { .init(.parentNotFoundException) }
    /// Changes to the effective policy are in progress, and its contents can't be returned. Try the operation again later.
    public static var policyChangesInProgressException: Self { .init(.policyChangesInProgressException) }
    /// The policy is attached to one or more entities. You must detach it from all roots, OUs, and accounts before performing this operation.
    public static var policyInUseException: Self { .init(.policyInUseException) }
    /// The policy isn't attached to the specified target in the specified root.
    public static var policyNotAttachedException: Self { .init(.policyNotAttachedException) }
    /// We can't find a policy with the PolicyId that you specified.
    public static var policyNotFoundException: Self { .init(.policyNotFoundException) }
    /// The specified policy type is already enabled in the specified root.
    public static var policyTypeAlreadyEnabledException: Self { .init(.policyTypeAlreadyEnabledException) }
    /// You can't use the specified policy type with the feature set currently enabled for this organization. For example, you can enable SCPs only after you enable all features in the organization. For more information, see Managing Organizations policiesin the Organizations User Guide.
    public static var policyTypeNotAvailableForOrganizationException: Self { .init(.policyTypeNotAvailableForOrganizationException) }
    /// The specified policy type isn't currently enabled in this root. You can't attach policies of the specified type to entities in a root until you enable that type in the root. For more information, see Enabling all features in your organization in the Organizations User Guide.
    public static var policyTypeNotEnabledException: Self { .init(.policyTypeNotEnabledException) }
    /// We can't find a resource policy request with the parameter that you specified.
    public static var resourcePolicyNotFoundException: Self { .init(.resourcePolicyNotFoundException) }
    /// We can't find a root with the RootId that you specified.
    public static var rootNotFoundException: Self { .init(.rootNotFoundException) }
    /// Organizations can't complete your request because of an internal service error. Try again later.
    public static var serviceException: Self { .init(.serviceException) }
    /// We can't find a source root or OU with the ParentId that you specified.
    public static var sourceParentNotFoundException: Self { .init(.sourceParentNotFoundException) }
    /// We can't find a root, OU, account, or policy with the TargetId that you specified.
    public static var targetNotFoundException: Self { .init(.targetNotFoundException) }
    /// You have sent too many requests in too short a period of time. The quota helps protect against denial-of-service attacks. Try again later. For information about quotas that affect Organizations, see Quotas for Organizations in the Organizations User Guide.
    public static var tooManyRequestsException: Self { .init(.tooManyRequestsException) }
    /// This action isn't available in the current Amazon Web Services Region.
    public static var unsupportedAPIEndpointException: Self { .init(.unsupportedAPIEndpointException) }
}

extension OrganizationsErrorType: AWSServiceErrorType {
    public static let errorCodeMap: [String: AWSErrorShape.Type] = [
        "AccessDeniedForDependencyException": Organizations.AccessDeniedForDependencyException.self,
        "ConstraintViolationException": Organizations.ConstraintViolationException.self,
        "HandshakeConstraintViolationException": Organizations.HandshakeConstraintViolationException.self,
        "InvalidInputException": Organizations.InvalidInputException.self,
        "TooManyRequestsException": Organizations.TooManyRequestsException.self
    ]
}

extension OrganizationsErrorType: Equatable {
    public static func == (lhs: OrganizationsErrorType, rhs: OrganizationsErrorType) -> Bool {
        lhs.error == rhs.error
    }
}

extension OrganizationsErrorType: CustomStringConvertible {
    public var description: String {
        return "\(self.error.rawValue): \(self.message ?? "")"
    }
}
